NetBIOS communication protocal

In modern day networks it seems that many attacks come from an open NetBIOS port. NetBIOS uses a variety of ports for certain communications here they are listed below.

1. Port 137 NetBIOS name resolution

2. Port 138 NetBIOS browsing and logon

3. 139 NetBIOS file and print sharing using (SMB)

NetBIOS is an outdated protocol that is used on networks prior to server 2003 although it is still available for those that have a need for backwards compatibility with older printers and Operating systems prior to XP. If, you have a network printer or computer running any of the above specifications you can isolate them on the network instead of keeping the NetBIOS protocol wide open. Many administrators are tempted to keep NetBIOS from running at all on anything over windows 2003 and on. This is not a bad idea, except there may be just a couple of side effects.

The domain and active directory create trust relationships called forests on each server. So, if you are a user and you are accessing the options on one forest you may not necessarily have access to any additional resources that you need on another. They solved this more with windows server 2003 by allowing the network admin to create a two way trust relationship between common forest active directory groups. NetBIOS for some reason is still Microsoft’s protocol to create these trust relationships between groups even though it has been outdated and no longer officially supported. But, if you are a small company with only a small network then you probably only have one domain so trust issues should not be an issue. The main issue is if you do not need to have it over come then the best thing to probably do is to turn NetBIOS off completely to secure your network holdings.

Disable NetBIOS on the DHCP server

To disable NetBIOS on a DHCP server take the following steps.

1. Choose start>programs>admin tools> then click DHCP

2. Look on the right hand side and you should see the server name (expand it by hitting the Plus)

3. Then right click on Scope options and then left click Configure options.

4. Choose the advanced tab, and in the drop down menu choose windows 2000 option in the vendor class list.

5. Click the 001 Microsoft Disable NetBIOS option check box, under available options

6. Finally at the bottom of the box says data 0x1 change it to read 0x2 then click ok to close.

Then on the clients (which most should have defaulted to anyway) Configure the DHCP client to enable the DHCP server to determine NetBIOS behavior

Windows XP, Windows Server 2003, and Windows 2000

1. In your control panel look for My network Places and click on it to open the windows

2. Once the window is open you will see a list of your adapters right click your network adapter

3. Look for TCP/IP settings on internet protocol.

4. Choose advanced option (and click the WINS tab at the top)

5. There should be an option listed for NetBIOS and choose to allow DHCP to set or choose disable.

Windows 7 and Vista

1. Click start and control panel.

2. Choose network connection in control panel.

3. On the left hand side of window there are a couple of different options choose the option to change adapter settings.

4. Click the option TCP/IPv4 ( TCP/IPv6 does not have NetBIOS option)

5. Choose advanced and the WINS tab

6. Choose the option you wish to use either from DHCP server or you can disable it all together on the client

More by this Author


Comments

No comments yet.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working