He has just closed all other services. We are both behind the same server, that is running a firewall for us.

I am using WinXP on my stationary machine and Linux on my laptop, same as him. Brute forcing from the laptop would probably be slower, though, since it only has a 100 mbit network card.

Since everyone is suggesting that I create scripts to do the brute forcing... Does that mean that a reasonably fast brute forcer for NetBIOS is not currently available to the "public"?

I still believe ENUM+ is the solution to my problems. I believe I have already mentioned the speed at which the ordinary ENUM version (which is the only one I can actually find a living link to) could test passwords from a dictionary. ENUM+ should be able to do the same, only it has a built-in password generator for brute forcing.