Results 1 to 7 of 7

Thread: Netbios security

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    22

    Netbios security

    So I'm on IRC connect to a network with one of the now millions of XDCC channels out there (not downloading copy writed material!) and I decided to join one of there chat channels. After a wile I was talking to this self proclaimed Ub3r 31337 #4x0r d00d5 about how he gets the bots. All he really told me was that he gained access via Netbios. Now my question _isnt_
    "how do i hack netbios", but rather how would i protect my little network from this when im thinking about trying to setup netbios/sharing on my lan? I've skimmed threw googles finding and the only thing I could come across would be to eather A) buy a router (but im to poor) B) setup a linux box (witch I'm really not formillur with) Is there any other sugestions that could help protect me, re-wiring my network isnt a problem, anything to protect me from being a victom from some idiot with some stolen rootkit. Thanks in advance to anyone who even checks out this post.

  2. #2
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    Disable ports 135 and 139. (maybe 445 not sure) You can do this through the registry though I don't know the reg keys off the top of my head. And by doing this it might prevent you from file sharing.

    cheers

    Also by passwording your account, this may prevent others from accessing any shares on your computer without the correct username/password. This is worth a shot.

    Actually the easiest solution would be to download a firewall. ZoneAlarm Pro is my favorite. BlackIce I heard was pretty good too.

  3. #3
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Firewall Simple as that....get Outpost...you can restrict Netbio to only your Local IP's...since these arn't used on the internet you should be safe...also...move your IP range to something weird like 10.30.21.2 [Yes, thats a valid LAN IP], it reduces the chances of getting guessed IP attacks, also, the NetBIOS port will only be available to your LAN if you set it up as such....generaly, and half decent firewall should do this for you, there is also a way of disabeling NetBIOS which does NOT involve messing with the Registry, I wouldn't be able to tell you where, coz I'v never needed to but I'v seen it.

    A router should do it for you too, oh...if your gona use a Linux machine, may I suggest Smooth Wall? a Proxy/Firewall dedicated Distro (Or so I understand...)

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Since your not familiar with any Linux distro, definitely a firewall. Any conventional means of limiting or blocking access to a certain port (one that causes a vulnerability) would work for you. Also, you can never be to safe with your passwords. Keep them difficult and use different characters when creating your password.

    also...move your IP range to something weird like 10.30.21.2 [Yes, thats a valid LAN IP], it reduces the chances of getting guessed IP attacks
    Great bit of information right there, I'd definitely go with that suggestion.
    Space For Rent.. =]

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    You should also share only the strictly necessary files for your network and nothing else. So, avoid complete hdd sharing, use your personal shared folders and not Windows default ones....

    A simple trick would be to share your floppy driver or something like that with an attractive name for a potential attacker. The goal is to view when somebody tries to access to your sharings without knowing the trick.

    KC
    Life is boring. Play NetHack... --more--

  6. #6
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    I think the best thing for you to do is to get a firewall - as already stated above. I agree about getting Outpost. Since I didn't see a link posted, here you go.

    Agnitum Outpost

    Outpost is pretty user-friendly, so you shouldn't have too many problems. Also, there are quite a few posts here on AO about it, so finding help shouldn't be an issue. If you really want to be able to do sharing on your LAN while maintaining at least some security from the outside, then a personal firewall is the way to go. This is especially true for you since you have already expressed the need for a cheap/free solution. Outpost(free) definitely would fit your price range.

    Hope that helps.


    Good luck,

    t2k2
    Opinions are like holes - everybody\'s got\'em.

    Smile

  7. #7
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604

    NetBIOS

    There are sveral weaknesses in NetBIOS. The one the uber hacker was refering to is most likely what is called a Null session (or The Holy Grail of Hacking to the ScrpKd's). This allows annonymous shares to systems resources. If you are not using an internal LAN I would disable NetBios (Under networkadapters/protcols - remove) if you are, and your using Win 2000 or better(which you should) make sure you use NetBios over TCP/IP if all machines are 2000 or better and dont use the pre-windows 2000 compatiblity unless you need to. To disable Null Sessions in Win2000 Go to Administrative Tools --> Local Security Settings --> Local Policies --> Security Options, Select "Additional restrictions of anonymous connections" in the Policy pane on the right. From the pull down menu labeled "Local policy setting", select "No access without explicit anonymous permissions".Click OK the reboot. For other versions of Win, google 'NetBios null sessions' Oh, yeah and get a firewall. Hope this helps.


    -Maestr0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •