Security Basics mailing list archives
RE: Blocking NetBios
From: "Dan Denton" <ddenton () PAYLESSOFFICE com>
Date: Tue, 15 Jun 2004 12:14:10 -0500
I believe there's a registry entry you can change to disable the administrative shares in WinXP and 2K Pro. Google for "disabling administrative shares" and you should find atleast something to go off of. You could also disable the Server service if you don't want any access to any resource on the destination box, but I'm not sure how that would affect administrative functions. -----Original Message----- From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] Sent: Thursday, June 10, 2004 8:09 PM To: security-basics () securityfocus com Subject: Re: Blocking NetBios On 2004-06-10 Kareem Mahgoub wrote:
I have a request from one of our clients to block NetBios in thier Network ( No one should be able to see the shared resources of others)
Not sure if I understand this correctly. If noone should see the shared resources, then why are they sharing them? Should only selected computers be able to access a resource? Or do they want to prevent computers administrated by third parties from sharing resources?
I have googled around and all what I have found is blocking it on the edge communication equipment ( router, xDSL modemd..etc) Which will be
done. The most important thing is to disable it internally ( inside the LAN) Any suggestions???
Is invisibility of the shares sufficient or should (blind) access also be prevented? The former can easily be achieved by appending a "$" to the share's name (WHATEVER$ instead of WHATEVER). For the latter you will have to use managed switches to block traffic at least from and to ports 137-139 (both TCP and UDP). For Direct SMB you will have to block port 445 as well. Another option may be setting file- and/or share-ACLs on each computer appropriately. What exactly are they trying to accomplish, if I might ask? Regards Ansgar Wiechers ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Blocking NetBios, (continued)
- RE: Blocking NetBios Kirk Brady (Jun 11)
- RE: Blocking NetBios Velasquez Venegas Jaime Omar (Jun 11)
- RE: Blocking NetBios Andrew Shore (Jun 11)
- Re: Blocking NetBios cert (Jun 14)
- Re: Blocking NetBios Ansgar -59cobalt- Wiechers (Jun 15)
- Re: Blocking NetBios cert (Jun 14)
- Re: Blocking NetBios faisyuet (Jun 11)
- Re: Blocking NetBios cert (Jun 14)
- RE: Blocking NetBios Depp, Dennis M. (Jun 14)
- RE: Blocking NetBios Brunner, Mark (Jun 14)
- RE: Blocking NetBios Andrew Shore (Jun 15)
- RE: Blocking NetBios Dan Denton (Jun 16)
- Re: Blocking NetBios Ansgar -59cobalt- Wiechers (Jun 16)
- Re: Blocking NetBios Doug Massey (Jun 20)
- RE: Blocking NetBios Bob Walton (Jun 22)
- RE: Blocking NetBios Streeter, Joseph (WI) (Jun 28)