1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling NETBIOS

Discussion in 'Network Infrastructure' started by zimbo, Jul 30, 2006.

  1. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    i remember reading this thread not long ago... i reached my MS press book and they have a section on Disabling NetBIOS for security reasons if you are not running pre 2k machines. So will DNS run the whole show if you totally disable NetBIOS - and i understand some features like browsing the network will not but what other implications would one face?
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    http://www.petri.co.il/disable_netbios_in_w2k_xp_2003.htm

    Any good Zim? :blink
     
  3. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    Thanks si!
    something i dont get is why disable it in the first place?:blink
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  4. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    1,760
    23
    99
    I guess if you were using a Windows workstation in a predominately non-Windows environment (eg. in a Netware server network), there would be no need having it installed.
     
    Certifications: A+, Network+
    WIP: 70-270
  5. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Because it is fundamentally insecure Zimbo.

    More here..
    http://infosec.vasc.com.vn/pls/wcm/show(0,162,456)
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  6. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    thanks pete!:thumbleft
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  7. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    1,760
    23
    99
    Surely that's only if you're using NetBIOS over TCP/IP?

    Also, you could use protocol isolation, which is talked about at the bottom of Bluerinse's link.
     
    Certifications: A+, Network+
    WIP: 70-270
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    I thought BetBIOS soley was a good security measure due to it being a non routable protocol? I assume we are referring to BetBIOS over TCP/IP?

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  9. GW

    GW Byte Poster

    119
    4
    39
    Anyone that makes a NetBIOS connection to your computer can easily get a full accounting of usernames, groups, shares, permissions, policies, services and more.

    Example:

    C:\>net use \\192.168.3.2 \IPC$ "" /u:""

    This syntax connects to the hidden InterProcess Communication (IPC$) at IP 192.168.3.2 with the built-in anonymous user (/u:"") with ("") null password

    A communication channel is now established for an attacker to use.

    The CIFS/SMB and NetBIOS standards in Windows 2000 include APIs that return information TCP port 139 even without authenticating.

    If the above command completes successfully further exploitation can be brought to bare on the system.

    One thing that a person could use is a tool called NBTscan to scan IP networks for any NetBIOS name information. For each found host it will then list the IP address, NetBIOS computer name, logged-in user name as well as MAC address.

    Usually, an attacker will try to get a list of hosts attached to the wire.

    > c:\>net wiew /domain
    > c:\>nbstat -A <IP Address>

    Of course Windows 2003 has more security against NetBIOS attacks, Windows 2000 was a good OS to exploit for NetBIOS attackers.

    GW
     
    Certifications: MCP x4, CompTia x3
    WIP: Cisco CCNA
  10. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Thanks, a great post. :)

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  11. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    Thanks for that! So it would be good to disable NetBIOS in this case?
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  12. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Will do a search, but hasn't this come up before where if you disable NetBIOS it causes all sorts of problems? :blink

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  13. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Yes that is the caveat, many so called legacy apps (old applications) still require it and so they won't work without it.

    The gist I get is that Microsoft are trying to move away from NetBIOS by using such things as Active Directory to publish shared resources but at the moment the vast majority of organisations need and rely on it :blink
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)

Share This Page

Loading...