Disabling NetBIOS
Results 1 to 3 of 3

Thread: Disabling NetBIOS

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    199

    Disabling NetBIOS

    Disabling NetBIOS

    Unless you purposely wish to host files in a Microsoft Network for other users to access, edit, remove, rename etc (depending on rights set), or share your printing services, then NetBIOS is really not for you.

    It is important to disable the NetBIOS from within your windows operating system, from a security stance, if you don’t wish to share your resources. Not doing this will leave your computer (or more directly any shared files or printers located within) open to remote manipulation

    At this point you may be thinking, big wow, someone can see a few files on my computer, like I care. You would be entitled to your opinion but I believe many more people would be really annoyed to find out the computer had basically been turned into a file/printer server for the uses of any Dick, Tom or Harry.

    Special care should be taken if relocating your computer from a home/personal network to another network (e.g. university halls network) to disable NetBIOS. Failure to do so means every other node on your subnet will inherit the same rights that you’re other personally networked computers did when you were at home. This mean means that hundreds of computers have to potential to gain direct access to your shared files and printers.

    Research into this field showed and surprised me at how many computer users simply just forget or don’t know that their computer was offering out files freely to anyone who comes calling. With the right tools and knowledge (readily available online) it can take only a few minutes to identify a computer openly serving many gigabytes of personal files, audio , video , images, ISO images, etc.

    Enough rambling, it’s time for action. I find the following simple rule of thumb to knowing whether or not you should turn off your NetBIOS capabilities useful :-

    if (I want to share my personal files/printers) {
    Action = Don’t disable NetBIOS
    }
    else {
    Action = Disable NetBIOS
    }


    So how do you disable NetBIOS on your computer? Many forums/sites recommend you block ports 135 to 139 on your firewall; thus disabling any possible use of NetBIOS. I certainly agree that a good firewall with the correctly blocked ports adds good secondary security coverage to NetBIOS but it’s by no means what your primary defence against NetBIOS should be.

    The best/primary course of action to disable NetBIOS is simply uninstalling the “File & Printer Sharing for Microsoft Networks” component from any network connections you wish to protect. The File & Printer Sharing component, bonded to a network connection, is the program which serves your resources (files, printers) out to the rest of the world.

    On my personal Windows XP computer when I had the “File & Printer Sharing for Microsoft Networks” component installed and bonded to a network connection I received the following responses on probing my NetBIOS resources : -


    There are no entries in the list.


    and when sharing a folder I received …


    Shared resources at xxx.xxx.xxx.xxx

    Share name Type Used as Comment
    -----------------------------------
    Documents Disk



    This clearly shows that my computer is indeed serving NetBIOS requests, whether or not I’m actually sharing any folders. Now let’s compare those responses to the ones I received after uninstalling the File & Printer Sharing component : -

    Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator.

    The above response confirms that my computer has now stopped serving NetBIOS requests, thus removing any chance of remote access (via NetBIOS) to any shared folders I may or may not have.

    Footnotes: -

    • To remove the “File & Printer Sharing for Microsoft Networks” component from a network connection simply navigate to “Network Connections” , highlight the network connection you wish to uninstall the component from and select properties (from the right click menu). Once the properties window appears click “File & Printer Sharing for Microsoft Networks” from the item box and click uninstall.
    • The “Client for Microsoft Networks” component provides the facility for your computer to use resources located on remote machines. This doesn’t need to be uninstalled in the context of NetBIOS security.
    -

  2. #2
    Junior Member
    Join Date
    Aug 2004
    Posts
    25
    Good Evening

    Good article on NetBIOS. NetBIOS over TCP/IP frustrates me very much. I read the RFC1001 and it says,

    NetBIOS is an API, that provides,

    -Name Service:
    -Session Service:
    -Datagram Service:

    Name Service: This service provides Name Registration Requests, Name Release Requests, Name Renewal Requests from Client machines to NBNS/WINS/DNS.

    Session Service: This service provides a reliable message exchange service. Call, Listen, Hang-Up, Send, Receive, Session Status are the services that are provided.

    Datagram Service: This service provides non-reliable UDP at Layer-4. Depending upon the Node-Type, the client machines uses Broadcast, Directed, and/or Both for Name Services.

    My questions are:

    1]. Why would File And Printer Sharing Services use NetBIOS & what relationship File and Printer Sharing Services have with NetBIOS?

    2]. Let's say for discussion sake, if File And Printer Sharing Services are turned 'ON', doesn't the person need to have the User Account and Password information to LogOn to access the services?

    3]. If I disable NetBIOS Over TCP/IP, to me it tells,
    -No Name Service
    -No Session Service
    -No Datagram Service. Does this make a PC Stealth on a network?

    4]. Say, I've 2 PC's with NetBIOS 'ON', how do I use the Session Services like Call, Listen, Hang-Up, Send, Receive, Session Status? Are there any command that I can use in a Command Prompt to use these services?

    Your Suggestions Will Be Greatly Appreciated.

    ThankYou & Have A Great Day.

  3. #3
    Junior Member
    Join Date
    Jul 2004
    Posts
    5
    easy way of disabling netbios:

    Code:
    net stop netbios
    from command prompt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides