Security Basics mailing list archives
Re: Blocking NetBios
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 16 Jun 2004 15:33:00 +0200
On 2004-06-15 Dan Denton wrote:
I believe there's a registry entry you can change to disable the administrative shares in WinXP and 2K Pro. Google for "disabling administrative shares" and you should find atleast something to go off of.
It's the value "AutoShareWks" (or "AutoShareServer" for servers) in HKLM\CurrentControlSet\Services\LanmanServer\Parameters, see KB article 314984 [1] for Details. But even though one can disable automatic sharing of local drives (and ADMIN$), it won't affect IPC$ (needed by the server service). That's why I don't see much sense in disabling administrative shares. A strong admin password would IMHO give better protection.
You could also disable the Server service if you don't want any access to any resource on the destination box, but I'm not sure how that would affect administrative functions.
This thread has shown a whole bunch of options to restrict the usage of NetBIOS. However, any of these options may affect functionality in one way or the other. Unfortunately the OP did not provide sufficient information for a reasonable suggestion on which option may suit his client's needs best. [1] http://support.microsoft.com/default.aspx?scid=kb;en-us;q314984 Regards Ansgar Wiechers --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Blocking NetBios, (continued)
- RE: Blocking NetBios Velasquez Venegas Jaime Omar (Jun 11)
- RE: Blocking NetBios Andrew Shore (Jun 11)
- Re: Blocking NetBios cert (Jun 14)
- Re: Blocking NetBios Ansgar -59cobalt- Wiechers (Jun 15)
- Re: Blocking NetBios cert (Jun 14)
- Re: Blocking NetBios faisyuet (Jun 11)
- Re: Blocking NetBios cert (Jun 14)
- RE: Blocking NetBios Depp, Dennis M. (Jun 14)
- RE: Blocking NetBios Brunner, Mark (Jun 14)
- RE: Blocking NetBios Andrew Shore (Jun 15)
- RE: Blocking NetBios Dan Denton (Jun 16)
- Re: Blocking NetBios Ansgar -59cobalt- Wiechers (Jun 16)
- Re: Blocking NetBios Doug Massey (Jun 20)
- RE: Blocking NetBios Bob Walton (Jun 22)
- RE: Blocking NetBios Streeter, Joseph (WI) (Jun 28)