May 16th, 2003, 09:05 PM
So I'm on IRC connected to a network with one of the now millions of XDCC channels out there (not downloading copyrighted material!) and I decided to join one of their chat channels. After a while I was talking to this self proclaimed Ub3r 31337 #4x0r d00d5 about how he gets the bots. All he really told me was that he gained access via NetBIOS. Now my question _isn't_ "how do I hack NetBIOS", but rather how would I protect my little network from this when I'm thinking about trying to set up NetBIOS/sharing on my LAN? I've skimmed through Google's findings and the only thing I could come across would be to either A) buy a router (but I'm too poor) B) set up a Linux box (which I'm really not familiar with). Are there any other suggestions that could help protect me? Re-wiring my network isn't a problem, anything to protect me from being a victim of some idiot with some stolen rootkit. Thanks in advance to anyone who even checks out this post.
May 16th, 2003, 09:58 PM
Disable ports 135 and 139. (maybe 445 not sure) You can do this through the registry though I don't know the reg keys off the top of my head. And by doing this it might prevent you from file sharing.
Also by passwording your account, this may prevent others from accessing any shares on your computer without the correct username/password. This is worth a shot.
Actually the easiest solution would be to download a firewall. ZoneAlarm Pro is my favorite. BlackIce I heard was pretty good too.
May 16th, 2003, 10:05 PM
Firewall. Simple as that....get Outpost...you can restrict NetBIOS to only your local IPs...since these aren't used on the internet you should be safe...also...move your IP range to something weird like 10.30.21.2 [Yes, that's a valid LAN IP], it reduces the chances of getting guessed IP attacks, also, the NetBIOS port will only be available to your LAN if you set it up as such....generally, any half decent firewall should do this for you, there is also a way of disabling NetBIOS which does NOT involve messing with the registry, I wouldn't be able to tell you where, coz I've never needed to but I've seen it.
A router should do it for you too, oh...if you're gonna use a Linux machine, may I suggest Smooth Wall? A proxy/firewall dedicated distro (or so I understand...)
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
And no one can remember the gentle features of the queen's face that fair day, when the land here rested in holy peace and everyone had love to love with.
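Added example, not part of any post in this thread: a Python check over Windows `netstat -an` output for the ports named above (135, 139, 445) that flags listeners not bound to a LAN address and established peers outside the RFC 1918 ranges. The sample output, the `audit` function and its finding labels are constructed for illustration; only IPv4 lines are handled.

```python
import ipaddress

# Ports named in the thread: RPC endpoint mapper, NetBIOS session, SMB over TCP.
WATCHED_PORTS = {135, 139, 445}

# RFC 1918 private ranges plus loopback; anything else is treated as non-LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.30.21.2:139         0.0.0.0:0              LISTENING
  TCP    10.30.21.2:139         10.30.21.7:1042        ESTABLISHED
  TCP    203.0.113.10:445       198.51.100.23:4312     ESTABLISHED
  TCP    10.30.21.2:1051        198.51.100.80:80       ESTABLISHED
"""

def is_lan(ip):
    return any(ip in net for net in LAN_NETS)

def split_endpoint(text):
    """Split 'addr:port' into (IPv4Address, int), or (None, None) if unparsable."""
    host, _, port = text.rpartition(":")
    try:
        return ipaddress.ip_address(host), int(port)
    except ValueError:
        return None, None  # header line, '*:*', or bracketed IPv6

def audit(netstat_text, watched=WATCHED_PORTS):
    """Return (label, address, local_port) findings for the watched ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue
        local_ip, local_port = split_endpoint(fields[1])
        remote_ip, _ = split_endpoint(fields[2])
        if local_ip is None or local_port not in watched:
            continue
        if fields[3] == "LISTENING" and not is_lan(local_ip):
            # 0.0.0.0 (all interfaces) or a public address: not LAN-only.
            findings.append(("listener-not-lan-only", str(local_ip), local_port))
        elif fields[3] == "ESTABLISHED" and remote_ip and not is_lan(remote_ip):
            findings.append(("non-lan-peer", str(remote_ip), local_port))
    return findings
```

A listener flagged here may still be filtered by a firewall in front of it; the check only shows what the host itself is offering and to whom it is currently talking.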
May 16th, 2003, 10:26 PM
Since you're not familiar with any Linux distro, definitely a firewall. Any conventional means of limiting or blocking access to a certain port (one that causes a vulnerability) would work for you. Also, you can never be too safe with your passwords. Keep them difficult and use different characters when creating your password.
Great bit of information right there, I'd definitely go with that suggestion.
also...move your IP range to something weird like 10.30.21.2 [Yes, that's a valid LAN IP], it reduces the chances of getting guessed IP attacks
May 17th, 2003, 12:04 AM
You should also share only the strictly necessary files for your network and nothing else. So, avoid complete hdd sharing, use your personal shared folders and not Windows default ones....
A simple trick would be to share your floppy drive or something like that with an attractive name for a potential attacker. The goal is to see when somebody tries to access your shares without knowing the trick.
Life is boring. Play NetHack... --more--
May 17th, 2003, 06:18 AM
I think the best thing for you to do is to get a firewall - as already stated above. I agree about getting Outpost. Since I didn't see a link posted, here you go.
Outpost is pretty user-friendly, so you shouldn't have too many problems. Also, there are quite a few posts here on AO about it, so finding help shouldn't be an issue. If you really want to be able to do sharing on your LAN while maintaining at least some security from the outside, then a personal firewall is the way to go. This is especially true for you since you have already expressed the need for a cheap/free solution. Outpost(free) definitely would fit your price range.
Hope that helps.
Opinions are like
holes - everybody's got'em.
May 17th, 2003, 07:08 AM
There are several weaknesses in NetBIOS. The one the uber hacker was referring to is most likely what is called a Null session (or The Holy Grail of Hacking to the ScrpKd's). This allows anonymous shares to system resources. If you are not using an internal LAN I would disable NetBIOS (under network adapters/protocols - remove). If you are, and you're using Win 2000 or better (which you should), make sure you use NetBIOS over TCP/IP if all machines are 2000 or better, and don't use the pre-Windows 2000 compatibility unless you need to. To disable Null Sessions in Win2000, go to Administrative Tools --> Local Security Settings --> Local Policies --> Security Options, select "Additional restrictions of anonymous connections" in the Policy pane on the right. From the pull down menu labeled "Local policy setting", select "No access without explicit anonymous permissions". Click OK, then reboot. For other versions of Win, google 'NetBios null sessions'. Oh, yeah, and get a firewall. Hope this helps.