Closing the backdoor on NetBIOS

Printable View

November 16th, 2002, 09:56 PM
ShagDevil

Closing the backdoor on NetBIOS

I did some research recently and found out about NetBIOS. Apparently this software created by microsoft leaves your computer vunerable to hackers online. I have decided to remove what they call "NetBIOS to TCP/IP binding" from my computer and have noticed through my firewall software (Outpost), that not only have my open ports dropped significantly, but the Attack Detection has basically quieted down dramatically as well. The whole reason I did this was I noticed that Outpost treated these NetBIOS connection attempts as possible attacks. I wondered why this was happening and hence, did the research. It almost seems that NetBIOS is useless unless you are using a LAN/WAN scenario. Is this true?

:what:
November 16th, 2002, 11:28 PM
ammo

<despare>Erhh!! </despare>

Yes... and this has been mentionned COUNTLESS TIMES ALREADY.
Please, please search/read the archives/forums before posting (now isn't to late either...)

Ammo

PS: Oh and by the way, MS didn't invent NetBIOS, IBM did...
November 17th, 2002, 01:33 AM
Spyder32

Re: Closing the backdoor on NetBIOS

Quote:

Originally posted here by ShagDevil
I did some research recently and found out about NetBIOS. Apparently this software created by microsoft leaves your computer vunerable to hackers online. I have decided to remove what they call "NetBIOS to TCP/IP binding" from my computer and have noticed through my firewall software (Outpost), that not only have my open ports dropped significantly, but the Attack Detection has basically quieted down dramatically as well. The whole reason I did this was I noticed that Outpost treated these NetBIOS connection attempts as possible attacks. I wondered why this was happening and hence, did the research. It almost seems that NetBIOS is useless unless you are using a LAN/WAN scenario. Is this true?

:what:

Heh, take ammo's advice next time. Yes, NetBIOS (Network Basic Input/Output System) was created by IBM, not Microsoft. Secondly, it is probably the easiest way to remotely access another computers files, which would probably be why your attack detection is lower. Many people do nbt scans to see if you have the service/port open. That would explain why the attack detection is lower, IMHO.

As for the LAN (Local Area Network) comment, yes, generally NetBIOS was meant for networked computers on a LAN or WAN to access each other's files easily. However, their is an exploit for it (obviously) so that is that. So yeah, unless you have a network, you should not have netBIOS open. Even if you do, use a strong password and/or install netbeui for the network. Hope I helped!
November 17th, 2002, 02:18 AM
Showtime8000

Ahh don't worry ShagDevil. Newbies (including me) are sometimes anxious to post...

Agnitum's default setting I believe blocks NetBIOS. NetBIOS is more of DoS vuln. than a hacker threat. True, hackers or kiddies can scan via NetBIOS for shares, even if they are hidden.
But more dangerously, a malicious person can down your system if your really vulnerable. Beware of the OOB nuke...........
November 17th, 2002, 02:25 AM
Spyder32

Showtime8000> you have an excellent point, however most systems these days aren't vulnerable against the OOB Nuke. It can still happen of course, just rarely.
November 17th, 2002, 02:30 AM
ShagDevil

The help is much appreciated. And I think I understand now, it was IBM, not Microsoft. I worded my post incorrectly when I said 'created'. Yes, I shall be more weary next time around as I'm only just starting around these parts. I still appreciate the help though. Thanks
December 27th, 2002, 05:46 AM
phaza7

yeah! thanx for the post and all the replys that explain so much for me as a newbie
fairly new to security issues.
--------------------------------------
phaza :-*