Security Basics mailing list archives

RE: Blocking NetBios


From: "Dan Denton" <ddenton () PAYLESSOFFICE com>
Date: Tue, 15 Jun 2004 12:14:10 -0500


I believe there's a registry entry you can change to disable the
administrative shares in WinXP and 2K Pro. Google for "disabling
administrative shares" and you should find at least something to go off
of. You could also disable the Server service if you don't want any
access to any resource on the destination box, but I'm not sure how that
would affect administrative functions.

-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] 
Sent: Thursday, June 10, 2004 8:09 PM
To: security-basics () securityfocus com
Subject: Re: Blocking NetBios


On 2004-06-10 Kareem Mahgoub wrote:
> I have a request from one of our clients to block NetBios in their
> Network (No one should be able to see the shared resources of others)

Not sure if I understand this correctly. If no one should see the shared
resources, then why are they sharing them? Should only selected
computers be able to access a resource? Or do they want to prevent
computers administrated by third parties from sharing resources?

> I have googled around and all what I have found is blocking it on the
> edge communication equipment (router, xDSL modems, etc.) Which will be
> done. The most important thing is to disable it internally (inside
> the LAN) Any suggestions???

Is invisibility of the shares sufficient or should (blind) access also
be prevented? The former can easily be achieved by appending a "$" to
the share's name (WHATEVER$ instead of WHATEVER). For the latter you
will have to use managed switches to block traffic at least from and to
ports 137-139 (both TCP and UDP). For Direct SMB you will have to block
port 445 as well. Another option may be setting file- and/or share-ACLs
on each computer appropriately.

What exactly are they trying to accomplish, if I might ask?

Regards
Ansgar Wiechers
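
Added example, not part of either poster's message: a Python sketch that sorts the shares listed by `net share` into the categories this thread distinguishes (default administrative shares, "$"-hidden shares, and shares visible when browsing). A "$" suffix only hides a share from browsing, so anything listed as hidden is still reachable by name unless ports 137-139/445 are blocked or ACLs deny access. The sample output is constructed, the function name is hypothetical, and share names are assumed to contain no spaces.

```python
import re

# Constructed sample of `net share` output from a Windows XP/2000 workstation.
SAMPLE_NET_SHARE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Payroll$     C:\Data\Payroll
Public       C:\Public                       Team drop folder
The command completed successfully.
"""

# Drive-letter shares (C$, D$, ...) and ADMIN$ are the default administrative shares.
ADMIN_SHARE = re.compile(r"^(?:[A-Z]\$|ADMIN\$)$", re.IGNORECASE)


def classify_shares(net_share_output):
    """Group share names by how they appear to other machines on the LAN."""
    report = {"administrative": [], "ipc": [], "hidden": [], "visible": []}
    in_table = False
    for line in net_share_output.splitlines():
        if line.startswith("---"):
            in_table = True          # share rows begin after the dashed rule
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        if line[0].isspace():
            continue                 # wrapped continuation of a long row
        name = line.split()[0]       # assumption: no spaces in share names
        if ADMIN_SHARE.match(name):
            report["administrative"].append(name)
        elif name.upper() == "IPC$":
            report["ipc"].append(name)
        elif name.endswith("$"):
            report["hidden"].append(name)    # hidden from browsing only
        else:
            report["visible"].append(name)
    return report


if __name__ == "__main__":
    for kind, names in classify_shares(SAMPLE_NET_SHARE).items():
        print(f"{kind:15} {', '.join(names) or '-'}")
```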


