How to disable NetBIOS port 137 (UDP)

Key Points
Introduction: Explains why leaving UDP port 137 open is a risk and when you should block it.
What is NetBIOS Name Service on UDP port 137: Clarifies what port 137 is used for and the security impact of allowing inbound access.
Quick Setup: Shows how to detect an open port 137 as a misconfiguration using Vulnerability Manager Plus, and outlines the exact Windows Firewall steps to create an inbound rule that blocks UDP port 137.

Introduction

Port 137 is used by NetBIOS Name Service, and leaving inbound access open can expand the attack surface of Windows endpoints. When port 137 is reachable from outside your trusted network, systems can respond to name queries that help a remote host identify devices, workgroups, and sometimes the presence of file and printer sharing. This kind of information exposure can make reconnaissance easier and can indirectly assist attempts to access shared resources.

In many environments, NetBIOS is not required for modern name resolution because DNS and Active Directory handle most discovery and authentication. If port 137 is left open on laptops, desktops, or servers that move between networks, port 137 may be exposed on guest Wi-Fi, public networks, or less trusted segments. Blocking port 137 at the firewall is a simple hardening step that reduces unnecessary inbound traffic, limits legacy service exposure, and helps keep NetBIOS-related discovery restricted to where it is actually needed. If your organization does not rely on legacy NetBIOS browsing, blocking port 137 is generally recommended. This misconfiguration has Moderate severity.

You can detect the misconfiguration of leaving port 137 open using Vulnerability Manager Plus.


What is NetBIOS Name Service on UDP port 137?

NetBIOS Name Service, often referred to as NBNS, allows devices to register and resolve NetBIOS names to IP addresses, which was commonly used for older Windows networking and local network browsing. In practice, port 137 supports name query and name registration traffic, typically within a local subnet, and it is often seen alongside other NetBIOS and SMB-related ports in legacy configurations.

When NetBIOS over TCP/IP is enabled, a device may answer NBNS requests on port 137. That behavior can reveal system and network naming information and can assist discovery of systems that have file and printer sharing enabled. Even if you do not intend to expose these services broadly, allowing inbound port 137 can make endpoints more visible to scanning and enumeration attempts. Blocking port 137 with an inbound firewall rule prevents unsolicited NBNS queries from reaching the device, helps keep legacy name resolution from being exposed beyond trusted networks, and is commonly used as a baseline hardening measure when NetBIOS is not required.

Quick Setup

To detect the Windows Firewall NetBIOS Name Service exposure (UDP 137) misconfiguration:

  • Open the Vulnerability Manager Plus console and go to Threats > System Misconfiguration to see the list of detected misconfigurations.
  • In the misconfiguration list, use the search box to type port 137 and filter results to focus only on related findings.
  • Open the misconfiguration named Inbound connection in port 137 (UDP) is not blocked in Windows firewall, confirm it matches the expected firewall finding, and review the details to understand why it is flagged.
  • Check the affected endpoints list to identify which devices need a fix, then prioritize devices where the service is reachable and not required.
  • For each affected device, plan remediation to block port 137 consistently and document the remediation goal.

To remediate the Windows Firewall NetBIOS Name Service exposure (port 137) misconfiguration:

  • Open the Control Panel.
  • Click on Windows Firewall / Windows Defender Firewall.
  • Navigate to Advanced settings.
  • Right-click on Inbound Rules and click on New Rule.
  • Select Port and click Next.
  • Select UDP, specify port 137 under Specific local ports, and click Next.
  • Click Block the connection and click Next.
  • Select Domain, Private, and Public and select Next.
  • Enter a name and description, then click Finish. Your devices are now hardened against exposure on port 137.
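
The same inbound rule can be created from an elevated PowerShell prompt instead of the GUI. The script below is an added example, not part of the original page or of Vulnerability Manager Plus; it uses the built-in NetSecurity cmdlets, and the rule name and description are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted, idempotent equivalent of the GUI steps above.
$RuleName = 'Block inbound NetBIOS-NS (UDP 137)'   # hypothetical display name

function Test-PortListCovers137 {
    # LocalPort entries can be 'Any', a single port, or a range such as '135-139'.
    param([string[]]$Ports)
    foreach ($p in $Ports) {
        if ($p -eq 'Any' -or $p -eq '137') { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and [int]$Matches[1] -le 137 -and [int]$Matches[2] -ge 137) {
            return $true
        }
    }
    return $false
}

function Test-Udp137Blocked {
    # ActiveStore is the effective policy: local rules plus rules delivered by Group Policy.
    # Only protocol, port and profile are checked; address or program scoping is not examined.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound `
        -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -ne 'UDP') { continue }
        if (-not (Test-PortListCovers137 -Ports $filter.LocalPort)) { continue }
        $profiles = [string]$rule.Profile   # e.g. "Any" or "Domain, Private, Public"
        if ($profiles -eq 'Any' -or
            ($profiles -match 'Domain' -and $profiles -match 'Private' -and $profiles -match 'Public')) {
            return $true
        }
    }
    return $false
}

if (Test-Udp137Blocked) {
    Write-Output 'Inbound UDP 137 is already blocked on the Domain, Private and Public profiles.'
} else {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Blocks unsolicited NBNS queries (hardening baseline).' `
        -Direction Inbound -Protocol UDP -LocalPort 137 `
        -Action Block -Profile Domain,Private,Public | Out-Null
    if (-not (Test-Udp137Blocked)) {
        throw 'Rule was created but is not in the active policy; check Group Policy settings.'
    }
    Write-Output "Created rule '$RuleName'."
}
```

Because the check runs before the rule is created, the script can be rerun from a deployment tool without accumulating duplicate rules.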

Scheduling reports keeps teams informed without needing to log in manually.

Refer to this page to learn more about misconfiguration hardening.
