-
January 23rd, 2004, 12:18 AM
#1
Netbios
Is there any way to tell if anyone currently has, or has in the past, created a NetBIOS session with my computer? I'm running WinXP.
Thanks in advance.
-
January 23rd, 2004, 12:26 AM
#2
Member
Yeah, do you have a firewall? They will normally log that type of thing, or if you don't, get an IDS (search Google) or ZoneAlarm. NetBIOS sessions will show up on port 139.
-
January 23rd, 2004, 03:33 AM
#3
Yes, that would be one method, but I was looking more at whether any log files are created, etc.
-
January 23rd, 2004, 04:11 AM
#4
For seeing if there's someone connected to you in real time, you can do a netstat -n at the command prompt. If there is a connection to you on port 139, then someone is in a NetBIOS session (or I guess they could just be connected to you on port 139 without being in a NetBIOS session). As for past sessions, you should be able to go into the Event Viewer under Control Panel > Administrative Tools, and I think that will log NetBIOS connections. I'm not positive though. Hope that helped.
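Added example, not part of the post above: a small Python parser for `netstat -n` output that separates inbound sessions (local port 139) from outbound ones (foreign port 139), which the raw listing makes easy to confuse. It goes beyond the post by also checking port 445, which XP uses for SMB alongside 139; the sample output and addresses are constructed.

```python
# Added example: flag inbound NetBIOS/SMB sessions in `netstat -n` output.
SMB_PORTS = {139: "NetBIOS session service", 445: "SMB over TCP (direct host)"}

# Constructed sample of Windows `netstat -n` output (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:139         198.51.100.77:1045     ESTABLISHED
  TCP    192.0.2.10:1030        198.51.100.20:139      ESTABLISHED
  TCP    192.0.2.10:445         203.0.113.5:3312       ESTABLISHED
  TCP    192.0.2.10:139         198.51.100.99:2201     TIME_WAIT
  TCP    192.0.2.10:1051        203.0.113.9:80         ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 addresses also work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)

def inbound_smb_sessions(netstat_text, states=("ESTABLISHED",)):
    """Return (remote_addr, local_port, service, state) for connections whose
    LOCAL port is 139/445, i.e. where this machine is the server side."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skip headers, blank lines and stateless UDP rows
        try:
            _, local_port = split_endpoint(fields[1])
            remote_addr, _ = split_endpoint(fields[2])
        except ValueError:
            continue  # endpoint without a numeric port, e.g. '*:*'
        if local_port in SMB_PORTS and fields[3] in states:
            hits.append((remote_addr, local_port, SMB_PORTS[local_port], fields[3]))
    return hits

if __name__ == "__main__":
    for remote, port, service, state in inbound_smb_sessions(SAMPLE):
        print(f"{remote} -> local port {port} ({service}), {state}")
```

Passing `states=("ESTABLISHED", "TIME_WAIT")` also reports sessions that closed within the last few minutes, which is the only trace netstat keeps of a past connection.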
-
January 24th, 2004, 03:40 AM
#5
If configured in the Local, Domain, or Domain Controller Security Policy MMC Snap-In (depending on which version and what type of net it's on), h3r3tic is correct.
Just remember, if the computer in question is in a Windows Domain, the Domain's security policy overrides the local one, so it would have to be set up on the DC. If it's stand-alone or workgroup, configure it in the local security policy.
-
January 24th, 2004, 03:51 AM
#6
Is there any way to tell if anyone currently has, or has in the past, created a NetBIOS session with my computer? I'm running WinXP.
The event logs (as h3r3tic mentioned) should tell you if there was a connection to your computer, but only if logs are enabled. (It keeps track of remote logins, anyway.) In XP Home, they are disabled by default.
576869746568617 is also correct, but again, only if it is set up ahead of time. This is called pre-incident preparation, and someone did a tutorial on this a while ago. In a default state, XP doesn't tell you much.
If all you have is the built-in XP firewall, then this link should help you tweak it.
http://www.microsoft.com/technet/tre...erstanding.asp
-
January 24th, 2004, 11:51 PM
#7
Might also consider downloading a good IDS. A pretty painless one is GFI S.I.M. (system integrity monitor). It's a free download, but doesn't have a very rich feature set. Overall, it's good though. For a more powerful/customizable IDS, get Snort.
-
January 25th, 2004, 01:44 AM
#8
I know this is sort of answering my own question, but just in case anyone else wanted to find the same thing, if you type "nbtstat -s" into a DOS command window you will be presented with a table showing all the current sessions (incoming and outgoing).
-
January 25th, 2004, 02:10 AM
#9
Junior Member
HELP HELP, got a Win XP Home computer that's almost gone. The virus I have replicates, even when I don't a OS. When I did an FDISK, the virus went psycho and won't let any system restore work. How do I get rid of NetBIOS?
-
January 25th, 2004, 03:26 AM
#10
Disabling NetBIOS
Neo_diablos:
NOTE: Your computer will not be able to share files on a network as a result of these modifications. If you need to be able to do this, skip down past "NetBIOS should effectively be disabled".
Disabling NetBIOS
On XP (Home or Pro), go to the properties for your network card or modem and make sure that "File and Printer Sharing" is not checked. Also, go to "Internet Protocol (TCP/IP)" and select Properties. Select the "Advanced" button and then the "WINS" tab. Check the box beside "Disable NetBIOS over TCP/IP" (it's about 3/4 of the way down). Click Apply and OK. Next, go into "Control Panel", then "Administrative Tools", and then "Services".
Disable the following services (the previous step should have done this for us, but it is always best to double-check):
TCP/IP NetBIOS Helper Service
Remote Access Auto Connection Manager
Simple Network Monitoring Protocol (if installed)
NOTE: SNMP isn't part of NetBIOS, but can be forced to divulge similar information if enumerated.
NetBIOS should effectively be disabled.
As an added measure, or if you need to be able to share files on a network, install a personal or hardware firewall and block TCP/UDP ports 135-139 and 445.
You might want to also take the time to harden the TCP/IP protocol stack a little further...this is not for the faint of heart as it involves modification of the registry. There are programs available that will do this for you, such as Tweak Manager.
These changes will make the computer less susceptible to DoS and SYN flooding, but performance may suffer... In my experience it has been unnoticeable.
Open your registry with regedit and find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Create the following DWORD values and set them to the numeric value in quotes. If the DWORD value already exists, just change the numeric value.
EnableDeadGWDetect = "0"
EnableICMPRedirect = "0"
EnablePMTUDiscovery = "0"
KeepAliveTime = "300,000"
NoNameReleaseOnDemand = "1"
PerformRouterDiscovery = "0"
SynAttackProtect = "2"
Restart Windows
After all this, search through the forums and learn how to disable the default accounts in XP, as well as give the "Administrator" and "Guest" accounts strong passwords. Also disable Remote Assistance if you haven't already done so.
Hope it helps
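Added example, not part of the post above: a Python check that compares the output of `reg query` on the Tcpip\Parameters key against the DWORD values listed in the post and reports anything missing or different. The sample output and the hostname in it are constructed; the post's "300,000" is read as decimal 300000 (KeepAliveTime is in milliseconds), which reg.exe displays as 0x493e0.

```python
# Added example: audit the post's TCP/IP hardening values from `reg query` output.
# Key queried: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

# Values from the post; KeepAliveTime "300,000" is entered as decimal 300000 (ms).
RECOMMENDED = {
    "EnableDeadGWDetect": 0,
    "EnableICMPRedirect": 0,
    "EnablePMTUDiscovery": 0,
    "KeepAliveTime": 300000,
    "NoNameReleaseOnDemand": 1,
    "PerformRouterDiscovery": 0,
    "SynAttackProtect": 2,
}

# Constructed sample of `reg query` output from a partly configured machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    EnableICMPRedirect    REG_DWORD    0x1
    KeepAliveTime    REG_DWORD    0x493e0
    SynAttackProtect    REG_DWORD    0x2
    Hostname    REG_SZ    WORKSTATION1
    EnableDeadGWDetect    REG_DWORD    0x0
"""

def parse_dwords(reg_output):
    """Return {name: int} for every REG_DWORD row; reg.exe prints them as hex."""
    values = {}
    for line in reg_output.splitlines():
        fields = line.split()  # handles both tab- and space-separated columns
        if len(fields) == 3 and fields[1] == "REG_DWORD":
            values[fields[0]] = int(fields[2], 16)
    return values

def audit(reg_output, recommended=RECOMMENDED):
    """Return {name: (current, wanted)} for values that are missing or differ.
    current is None when the value does not exist under the key."""
    current = parse_dwords(reg_output)
    return {name: (current.get(name), wanted)
            for name, wanted in recommended.items()
            if current.get(name) != wanted}

if __name__ == "__main__":
    for name, (have, want) in audit(SAMPLE).items():
        print(f"{name}: current={have} recommended={want}")
```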