Port 138 – NetBIOS Datagram Service

Service: netbios-dgm

Protocol: UDP

Port: 138

Used for: Windows browsing and LAN communication

Why It’s Open

The port is used for older Windows workgroup browsing and announcements. It is rarely needed in modern environments.

Common Risks

  • Sensitive Info Leakage: Hosts may broadcast details to the whole subnet.
  • SMB Relay Attacks: Can be used in combination with other NetBIOS vectors.
  • Internal Recon: Useful for identifying systems and users.


Enumeration & Testing

Nmap check

# <target> and <subnet-cidr> are placeholders for the in-scope host and range
nmap -sU -p 138 <target>
nbtscan -r <subnet-cidr>

What to Look For

| Checkpoint | What it means |
|---|---|
| Active broadcasts | Data visible to all in subnet |
| Insecure systems | May rely on NetBIOS functions |
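
What an active broadcast exposes, as an added example (not part of the original page or of any tool it names): a Python parser for the RFC 1002 datagram header that pulls the source IP and NetBIOS names out of a captured UDP/138 payload, useful when auditing a capture for hosts that still announce themselves. The sample packet, the host and workgroup names and the 192.0.2.10 address are constructed.

```python
import socket
import struct

# RFC 1002 message types that carry source and destination names
MSG_TYPES = {0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST"}

def encode_name(name, suffix):
    """First-level encoding: 15 chars + suffix byte -> 32 letters 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    body = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + body + b"\x00"  # length byte, name, empty scope

def decode_name(buf, off):
    """Decode one encoded name at off; return (name, suffix, next_offset)."""
    if len(buf) < off + 34 or buf[off] != 0x20 or buf[off + 33] != 0x00:
        raise ValueError("not a 32-byte, scope-less NetBIOS name")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("invalid first-level encoding")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15], off + 34

def parse_datagram(pkt):
    """Return the identifying fields any listener on the subnet can read."""
    if len(pkt) < 14:
        raise ValueError("truncated header")
    mtype, _flags, _dgm_id, ip, _port, _length, _offset = struct.unpack(
        "!BBH4sHHH", pkt[:14])
    if mtype not in MSG_TYPES:
        raise ValueError("not a direct or broadcast datagram")
    src, src_sfx, nxt = decode_name(pkt, 14)
    dst, dst_sfx, nxt = decode_name(pkt, nxt)
    return {"type": MSG_TYPES[mtype], "source_ip": socket.inet_ntoa(ip),
            "source_name": src, "source_suffix": src_sfx,
            "dest_name": dst, "dest_suffix": dst_sfx,
            "payload_len": len(pkt) - nxt}

# Constructed sample: a host announcing to its workgroup's <1D> name
SAMPLE = (struct.pack("!BBH4sHHH", 0x11, 0x02, 0x1234,
                      socket.inet_aton("192.0.2.10"), 138, 72, 0)
          + encode_name("FILESRV01", 0x00)
          + encode_name("WORKGROUP", 0x1D)
          + b"\x00" * 4)  # stand-in for the SMB payload

if __name__ == "__main__":
    print(parse_datagram(SAMPLE))
```
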

Known Exploits

  1. CVE-1999-0519: NetBIOS Datagram Service allows remote attackers to obtain sensitive information.

Mitigation

  • Disable NetBIOS over TCP/IP.
  • Filter internal broadcast traffic.
  • Replace with modern alternatives like mDNS or DNS-SD.

Real-World Example

Port 138 has been leveraged in red team exercises to detect legacy machines and extract session names and hostnames in flat networks.

TL;DR

  • Service: NetBIOS Datagram Service
  • Default Port: 138/UDP
  • Risks: Information disclosure
  • Mitigation: Disable NetBIOS over TCP/IP if not required, implement firewall rules