Re: Blocking NetBios

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2004-06-15 Dan Denton wrote:
> I believe there's a registry entry you can change to disable the
> administrative shares in WinXP and 2K Pro. Google for "disabling
> administrative shares" and you should find atleast something to go off
> of.

It's the value "AutoShareWks" (or "AutoShareServer" for servers) in
HKLM\CurrentControlSet\Services\LanmanServer\Parameters, see KB article
314984 [1] for Details. But even though one can disable automatic
sharing of local drives (and ADMIN$), it won't affect IPC$ (needed by
the server service). That's why I don't see much sense in disabling
administrative shares. A strong admin password would IMHO give better
protection.

> You could also disable the Server service if you don't want any access
> to any resource on the destination box, but I'm not sure how that
> would affect administrative functions.

This thread has shown a whole bunch of options to restrict the usage of
NetBIOS. However, any of these options may affect functionality in one
way or the other. Unfortunately the OP did not provide sufficient
information for a reasonable suggestion on which option may suit his
client's needs best.

[1] http://support.microsoft.com/default.aspx?scid=kb;en-us;q314984

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------