December 14th, 2001, 01:38 AM
How to Defuse the Dangers of NetBIOS
I thought this article may be of some use to a few AO members. It's a nice article from the wonderful folks at ZDNet. The full article can be read here. On with the story....
Surf the Internet worry-free by eliminating the security issues of NetBIOS in Windows 95, 98 and Me systems.
If you have a 24-7 broadband Internet connection, you probably know that firewalls are essential to protecting your Windows 95, 98 or Me system from malicious attacks. But what if you dial in to the Internet from a stand-alone Windows 95, 98, or Me system via a 56K modem? You might still need to be concerned with protecting your system.
Hidden in your system is an API that could be jeopardizing your computer's security when you're connected to the Internet. If this API, called NetBIOS, is bound to the TCP/IP protocol (the protocol that you use to connect to the Internet), you're leaving your computer wide open to a potential attack.
In this article, I'll introduce you to this NetBIOS problem and show you how you can quickly eliminate this security hole for stand-alone Windows 95, 98 and Me systems. As I do, I'll provide you with some sources for additional information on this problem.
NetBIOS has a long history in networking and was first put into use in 1985 by IBM. When Microsoft came out with its first Windows-based network operating system—Windows For Workgroups—they used an adapted version of NetBIOS for Windows and called it NetBEUI. Microsoft chose to use NetBEUI as the primary protocol for its networking software because it was very small and extremely efficient for small LANs consisting of between 20 and 200 computers. One of the things that made NetBEUI so great was the ease with which resources could be named, shared, and accessed in a workgroup (or peer-to-peer) network.
As the Internet and the World Wide Web burst on the scene, computers all over the world could easily connect to one another using the TCP/IP protocol, HTML, and browsing software such as Internet Explorer or Netscape Navigator. On the surface, users could interact with the Internet via their browsers; behind the scenes, their Windows-based systems used TCP/IP.
TCP/IP is the only protocol required to interact with the Internet. When you install TCP/IP on your Windows system, chances are good that NetBIOS and its wide-open file and printer sharing features tag along by default. When this happens, chances are that you're leaving the backdoor open and don't even know it.
Leaving NetBIOS enabled thus means that your computer could potentially be sharing your hard drive on the Internet. In addition, all the files on your hard drive containing personal information are available to anyone who knows how to track this unlocked backdoor.
As I explained, the unlocked backdoor problem is caused by NetBIOS unnecessarily tagging along with the TCP/IP protocol when you're connected to the Internet. In technical terms, you would say that NetBIOS is bound to TCP/IP. Fortunately, you can unbind NetBIOS from TCP/IP. When you do, the backdoor is locked, and you can still surf the Internet without fear that someone is lurking through your files.
If you're using the original release of Windows 95 (build 950), locking the door is actually quite easy due to Windows 95's lack of sophistication. All you have to do is locate the file Vnbt.386 and rename it as anything you want, such as Vnbt.out.
If you're running Windows 95 OSR2, Windows 98, Windows 98 SE or Windows Me, the procedure is a bit more complex. First, you need to make sure that NetBEUI is installed on your system; otherwise the procedure won't work. You can check to see if NetBEUI is installed by opening the Network dialog box in the Control Panel. Scroll through the components list on the Configuration tab. If you see NetBEUI listed, then you're ready to proceed.
If you don't see NetBEUI listed, click the Add button. When you see the Select Network Component type dialog box, select Protocol, and click Add again. Now, in the Select Network Protocol dialog box, select Microsoft in the Manufacturers list and NetBEUI in the Network Protocol list. Finally, click OK and insert the Windows CD when you're prompted to do so.
To complete the task, return to the Network dialog box and select your Dial-Up Networking adapter and then click the Properties button. Next, select the Bindings tab and clear all the check boxes except for the one marked TCP/IP Dial-Up Adapter.
At this point, you're ready to unbind NetBIOS from TCP/IP. To do so, return to the Network dialog box. This time, select the TCP/IP protocol that's bound to your Dial-Up Networking adapter from the list and click the Properties button. You should then see a message box that contains a warning. You can ignore this and click OK.
When you see the TCP/IP Properties dialog box, click the Bindings tab. Clear all the check marks from any check boxes that appear in the list. By clicking OK, Windows will display another warning message and prompt you to select at least one component. However, just click No. Finally, close the Network dialog box and reboot your system when you're prompted to do so.
Hope this was helpful to some degree. If you want more info on the story go here.
December 16th, 2001, 05:27 PM
Hey Remote: After doing a netstat -a search I found that ports 137, 138 NetBIOS were listening. After going to markusjansson.net I renamed the Vnbt.386. Now, I also found that NetBIOS also resides in the AOL folder, sneaky or what?
Just renaming these two files has eliminated NetBIOS from showing up on a netstat -a. Do you have any more input for securing a Win98SE box, with the NetBIOS folders? Thanks
KNOWLEDGE IS OF TWO KINDS: We know a subject ourselves or we know where to find information upon it. SAMUEL JOHNSON
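The netstat check described in the post above can be repeated after each change to confirm that NetBIOS is really unbound. The following is an added example, not part of the original thread or the quoted article: it parses saved `netstat -a` or `netstat -an` text and reports any NetBIOS endpoint on ports 137, 138 or 139, whether printed as a number or as a service name. The host name `homepc` and both sample outputs are constructed.

```python
import re

# NetBIOS-over-TCP/IP ports and the service names netstat may print for them.
NETBIOS_PORTS = {
    "137": "name service", "138": "datagram service", "139": "session service",
}
ALIASES = {
    "nbname": "137", "netbios-ns": "137",
    "nbdatagram": "138", "netbios-dgm": "138",
    "nbsession": "139", "netbios-ssn": "139",
}

# Constructed samples of netstat -a output (not captured from a real host).
SAMPLE_BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    homepc:1025            0.0.0.0:0              LISTENING
  TCP    homepc:nbsession       0.0.0.0:0              LISTENING
  UDP    homepc:nbname          *:*
  UDP    homepc:nbdatagram      *:*
"""
SAMPLE_AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    homepc:1025            0.0.0.0:0              LISTENING
"""

# proto, local address, local port, foreign address, optional state column
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def netbios_listeners(netstat_text):
    """Return (proto, local_addr, port, role) for every open NetBIOS endpoint."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, blank line or other non-socket row
        proto, addr, port, _foreign, state = m.groups()
        port = ALIASES.get(port.lower(), port)  # service name -> port number
        if port not in NETBIOS_PORTS:
            continue
        # UDP rows have no state column; TCP rows count only when LISTENING.
        if proto.upper() == "TCP" and (state or "").upper() != "LISTENING":
            continue
        hits.append((proto.upper(), addr, int(port), NETBIOS_PORTS[port]))
    return hits

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, netbios_listeners(text) or "no NetBIOS endpoints")
```

An empty result while connected to the Internet is the outcome the unbinding procedure aims for; any remaining entry means NetBIOS is still reachable over TCP/IP on that machine.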
December 16th, 2001, 07:20 PM
More on NetBIOS
After searching the world's greatest and fastest search engine, I've managed to come up with 919 pages to help you with NetBIOS.
Search took 0.04 seconds. Click here to view the results.
Here's a little bit of information that I've come across. Hope this helps... Click on the link to view the article.
December 19th, 2001, 08:24 PM
Disable file and print sharing. My mother had this enabled and she isn't even on a network. Also remove Microsoft Family Logon. It will say your network isn't complete, but if you are running a standalone computer hooked up to the Internet through a 56k modem, you don't need it.
Wine maketh merry: but money answereth all things.