Security Basics mailing list archives
RE: Blocking NetBios
From: "whirlow" <admin () whirlow plus com>
Date: Fri, 11 Jun 2004 21:38:37 +0100
To follow on a bit from the other posts regarding your issue.

Assuming that your client's network is solely running Win 2k/xp, you could use the following, as there are four default ways to block NetBIOS on a Windows 2000 system.

1) IPSecurity Filtering (Unrelated to IPSec)
Located: Control Panel - Administrative Tools - Local Security Policy - IPSecurity Policies
Use: Define a rule for destination ports tcp 139 and 445 from any source port / source address to 'My IPAddress'. Create and assign a blocker rule to this filter.
Pro: ports 139 and 445 will not respond to a port scan. Filters are granular per protocol, and source and destination ports and addresses.
Con: Tricky to set up the first time. Blocker rule must be manually defined.
Reboot Required?: NO

2) Advanced TCP/IP filtering
Located: Control Panel - Network - Internet Protocol (TCP/IP) Properties - Advanced - Options - TCP/IP Filtering Properties
Use: Permit Only specific protocols. Do Not permit tcp (protocol 6) ports 139 or 445.
Pro: ports 139 and 445 will not respond to a port scan.
Con: Permit Only mechanism means you have to specify each allowed protocol, including RPC ports. (also: ICMP will be permitted even if you specify to 'permit only' and leave permitted fields blank)
Reboot Required?: YES

3) Disable NetBIOS over TCP/IP (suggested in other posts)
Located: Control Panel - Network - Internet Protocol (TCP/IP) Properties - Advanced - WINS
Use: Click radio button to "Disable NetBIOS over TCP/IP"
Pro: tcp 139 will not respond to port scans.
Con: tcp 445 will still accept connections and process NetBIOS.
Reboot Required: NO
**WARNING: This method gives a false sense of security and should not be used as tcp 445 is still open and will accept connections**

4) Unbind File and Printer Sharing for Microsoft Networks
Located: Control Panel - Network - Advanced (from menu bar) - Advanced Settings
Use: Select Network Card to unbind NetBIOS - Uncheck File Sharing for Microsoft Networks
Pro: Will disable all incoming requests to tcp 139 and 445.
Con: tcp 139 will appear on a port scan, but will not respond to requests.
Reboot Required: NO

I find options 1 and 4 preferable depending on requirements.
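
A way to verify the result of whichever option was applied, as an added example that is not part of the original post: it probes tcp 139 and 445 on a host you administer and reports the states the post's Pro/Con lines describe. The function names and the 127.0.0.1 target are assumptions made for the example.

```python
import socket

SMB_PORTS = (139, 445)  # the two ports the post's four options deal with


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable host and similar: nothing answered
        return "filtered"
    finally:
        s.close()


def assess(states):
    """Turn probe results for 139/445 into findings, using the post's criteria."""
    findings = []
    if states.get(445) == "open":
        findings.append("tcp 445 accepts connections")
        if states.get(139) != "open":
            # The situation the post's WARNING under option 3 describes.
            findings.append("139 not open but 445 open: the option 3 "
                            "false sense of security")
    if states.get(139) == "open":
        # A connect test cannot tell whether requests are serviced, so
        # option 4 still has to be confirmed in the binding settings.
        findings.append("tcp 139 accepts connections (the post expects this "
                        "after option 4; confirm File and Printer Sharing "
                        "is unbound)")
    return findings


if __name__ == "__main__":
    host = "127.0.0.1"  # assumption: replace with the host you configured
    states = {port: probe(host, port) for port in SMB_PORTS}
    for port, state in states.items():
        print(f"tcp {port}: {state}")
    for finding in assess(states) or ["neither port accepts connections"]:
        print("-", finding)
```

Run it from a second machine on the same network, since filters bound to the network interface may not apply to loopback connections.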