NetBIOS


Patrice
April 20th, 2003, 10:11 AM
Hi everyone!

I have a question concerning NetBIOS. I know there's written a lot about it and why you should disable it. Nevertheless I'm using it... I'm behind a router, which stealthens our network. Behind the router we have several computers, all have Windows XP Professional installed. There's one printer everyone has access to and we share some folders on all computers. On the computers there's TDS-3, NAV 2003 and Look'n'Stop v2.04 installed.

If I disable NetBIOS on the computers, the problems begin to occur (even though Look'n'Stop is properly set and NOT blocking these requests). For example we aren't able to print anymore, we don't have the possibility to access the shared folders on the other computers,... Quite annoying as you certainly agree! >:(

So, now to my question. Is it possible to share files, print documents,... even though NetBIOS isn't activated? I've checked my router log and there is from time to time traffic between the ports 137 and 139 (both are related to NetBIOS), which I don't appreciate much. What are you doing, enabling or disabling NetBIOS?

Thanks for your kind help!

Best regards!

Patrice

JacK
April 20th, 2003, 02:13 PM
Hello,

Just disable NetBIOS with Protocol TCP/IP on your Internet NIC and don't on the other NIC.

Patrice
April 20th, 2003, 02:48 PM
Hi JacK!

I don't think that works, because we have broadband... Everyone is connected to the internet directly. That means that I should disable it on every computer.

Greetings!

Patrice

JacK
April 20th, 2003, 04:33 PM
Quote from Patrice:
"Hi JacK!

I don't think that works, because we have broadband... Everyone is connected to the internet directly. That means that I should disable it on every computer.

Greetings!

Patrice"

Hello,

It works, of course: no need for NetBIOS on the Internet NIC to share printers and files on the LAN.

Patrice
April 20th, 2003, 04:39 PM
Sorry JacK if I'm asking you a stupid question. What exactly do you mean by NIC? For me, NIC has something to do with domain registry and web address registration... Am I completely wrong?

I would really appreciate it if you could give me some additional information about how to do that (if I misunderstand it).

Thanks!

Patrice

Pieter_Arntz
April 20th, 2003, 04:49 PM
Definition NIC Webopedia (http://www.webopedia.com/TERM/N/network_interface_card_NIC.html).

Regards,

Pieter

Patrice
April 20th, 2003, 04:52 PM
LOL! ;D O.K., now I begin to understand!

Thanks Pieter_Arntz!

Patrice
April 20th, 2003, 05:03 PM
Damn it! It still doesn't work... I just deactivated NetBIOS on the above mentioned computer, but when I try to connect to it from my computer (shares), it doesn't work. It's not allowed, it says... I don't have the permission to do that. Strange... Don't get it - what did I do wrong?

Help appreciated! ???

Pieter_Arntz
April 20th, 2003, 05:16 PM
Hi Patrice,

Not sure how you are set up (no experience with cable), but I have multiple connections on one NIC as well.
NetBIOS over TCP/IP enabled on the network-connection and disabled on the Internet-connection.
Can you do the same? Because it sounds as if you completely disabled it.

Regards,

Pieter

Patrice
April 20th, 2003, 05:38 PM
Hi Pieter_Arntz!

All my computers are directly connected to the router. That means that they send/share data via the router. If I read your statement, it looks to me as if you have a server-like PC.

If I misunderstand your statement, help me from scratch. Perhaps I'm misled in a way...

Regards!

Patrice

Pieter_Arntz
April 20th, 2003, 05:46 PM
You're correct. My network is set up like in the attachment.

root
April 20th, 2003, 05:48 PM
For file and print sharing on a network, if you disable netbios over tcp, you need to use another protocol for your network as far as I know. On XP you have IPX/SPX available and that is non routable, so it will work fine.
The other alternative is NetBeui, but on XP I believe you have to hunt that protocol down on the XP disk somewhere.
Perhaps I'm missing something here. I do not have a router or Hi speed connection, but I have a 3 computer lan with a hub. When I disabled Netbios, I definitely had to install another protocol for the nics to use to communicate with each other.
Just thought I'd throw that out and see if I totally missed the boat here. ;D

Pieter_Arntz
April 20th, 2003, 05:54 PM
Where PC1 is acting as a server if I want to share my internet connection.
So my Connections window looks like this.
(Disregard Firewire connection).
As you can see Microsoft Network Client and File- and Printersharing are checked for that connection. NetBIOS is enabled as well. These are all not enabled for the ADSL connection.
Still not sure if this will work for cable.

Regards,

Pieter

Patrice
April 20th, 2003, 07:12 PM
Hi guys!

root: I appreciated your post, I think like you. I'm in need of another protocol. But I'm not 100% sure about that.

Pieter_Arntz: I don't see that you have NetBIOS enabled. In my connections window I got the following elements:

-Client for Microsoft Networks
-Printer and File Sharing
-Look'n'Stop Driver (disregard this one)
-NWLink-NetBIOS
-NWLink IPX/SPX/NetBIOS compatible protocol
-Internet protocol TCP/IP

If I disable NWLink-NetBIOS and NWLink IPX/SPX/NetBIOS compatible protocol (they are linked together) on one of the computers, I'm not able to connect to the other computer and grab the files in the shared folder or use the network printer.

Somehow I have to admit that I don't really understand the NetBIOS well. Sometimes networking on Windows computers is a bet - sometimes it works fine, sometimes it doesn't.

Thanks for all your help so far!

Patrice

I_lack_commonsense
April 21st, 2003, 02:42 AM
I would assume your router would protect your internal network from most threats involving NetBIOS. As network shares are usually unprotected (usually no password or access restrictions)... NetBIOS ports (137-139) are usually common targets for attackers. If you are behind a router that offers NAT for example... plus your software firewall... it will make it quite difficult for someone on the outside to get to those ports on your computer (unless of course you specifically configure your router to forward requests to those ports on your computer).

If you didn't have the router, a good suggestion is to do what Jack and Pieter_Arntz suggested and make sure NetBIOS is turned off on the computer (NIC) that is directly connected to the cable or DSL modem.

And I am also somewhat sure that if you want to use TCP/IP on a private network for file sharing that you must enable NetBIOS over TCP/IP.

A good site to read about this kinda stuff with some good guides and tutorials is http://www.practicallynetworked.com.

This one might be particularly helpful if this is what you are trying to do on your network http://www.practicallynetworked.com/sharing/xp_filesharing/

Hope that helps

Edit: Forgot to mention Jack
Oh and keep in mind that if you decide to go with IPX or some other protocol, you may receive a performance hit when the primary protocol is not being used.

Patrice
April 21st, 2003, 04:45 AM
Hi I_lack_commonsense!

Thanks for your answer! Actually I think like what you said here:
Quote from I_lack_commonsense:
"If you are behind a router that offers NAT for example... plus your software firewall... it will make it quite difficult for someone on the outside to get to those ports on your computer (unless of course you specifically configure your router to forward requests to those ports on your computer)."

Like that, my network is configured. I don't use a server-like PC. Every computer is connected directly to the router (and so to the internet).
Quote from I_lack_commonsense:
"And I am also somewhat sure that if you want to use TCP/IP on a private network for file sharing that you must enable NetBIOS over TCP/IP."

As far as I know, your second statement is correct as well. I always run into problems by disabling it.

But nevertheless, according to my router log, there is some traffic on port 137. I still don't know what it is and if it's blocked by the router. I will hang on it and check it from now on more closely. There's not much traffic, but there is. I traced the IP's who are sending the signal, but till now I don't have a clue why they are sending it. Does anyone of you use a router and have the same entries in the router log?

Perhaps I check this port with TDS-3 and start the so called TCP Port Listen Tool. Who knows, perhaps I get some really nice additional information.

Best regards!

Patrice

Patrice
April 21st, 2003, 07:38 AM
Hi guys!

O.K., I was listening with TDS-3 TCP Port Listen utility on port 137 and guess what: nothing at all! As always when you wanna prove something...

But I think I know why this traffic from time to time occurs. When you're surfing around some servers (websites) are sending signals and I suppose they also send a signal on port 137 to see who's connecting to them. That's why I got (inbound) traffic on port 137. But there's still the proof to be done! ;)

Does anyone of you have other good suggestions on that subject?

Regards!

Patrice

CrazyM
April 21st, 2003, 07:45 AM
Quote from Patrice:
"But nevertheless, according to my router log, there is some traffic on port 137. I still don't know what it is and if it's blocked by the router."

If what you are seeing is logged as inbound with the destination IP being your WAN IP, it is traffic that is blocked by your router (BEFSR41 - correct?). As for inbound UDP 137 scans, there is still lots of that going on and is nothing to be worried about.

As long as you are not forwarding anything through the router, it will stop all unsolicited inbound traffic. As mentioned by I_lack_commonsense this will protect systems on the LAN that may have shares and netbios enabled.

To provide control over shares and access to netbios on the LAN systems, using a software firewall on those systems will accomplish this. Depending on the firewall in use this could be via a rule permitting any LAN traffic, netbios traffic only for LAN systems, trusted zones, etc. Just be sure to limit this traffic to LAN systems.

Sample for rule permitting any LAN traffic:

Rule xx Permit LAN Traffic
Protocol: TCP or UDP
Action: Permit
Direction: Either
Application: Any Application
Local Service: Any Service
Local Address: Any Address
Remote Service: Any Service
Remote Address:
    IP: 192.168.1.xxx
    IP: 192.168.1.xxx

This example shows individual IP's for systems on the LAN, but could also be for an IP range or the subnet, your choice. This rule should be at the top of your rule set.

With the router in place and software firewalls on the LAN systems you should be fine using netbios.

Regards,

CrazyM
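
The LAN-only rule described in the post above, worked through as an added example (not part of the original post, and not Look'n'Stop or router syntax): a first-match rule evaluator plus an audit that flags any permit rule reaching the NetBIOS ports from outside the LAN. The 192.168.1.0/24 subnet, the two host addresses, the 203.0.113.5 outside address and the "Permit NetBIOS" rule are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

NETBIOS_PORTS = frozenset({137, 138, 139})  # name, datagram and session services

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "permit" or "block"
    remotes: Tuple[str, ...]           # remote addresses or CIDR ranges the rule matches
    ports: Optional[frozenset] = None  # local ports; None means "Any Service"

def matches(rule, remote_ip, local_port):
    addr = ipaddress.ip_address(remote_ip)
    in_remote = any(addr in ipaddress.ip_network(r) for r in rule.remotes)
    return in_remote and (rule.ports is None or local_port in rule.ports)

def evaluate(rules, remote_ip, local_port):
    """First matching rule wins, which is why the LAN rule sits at the top.
    Traffic that no rule matches is blocked."""
    for rule in rules:
        if matches(rule, remote_ip, local_port):
            return rule.action, rule.name
    return "block", "default"

def audit(rules, lan):
    """Names of permit rules that cover a NetBIOS port for a remote outside `lan`."""
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for rule in rules:
        covers = rule.ports is None or bool(rule.ports & NETBIOS_PORTS)
        outside = any(not ipaddress.ip_network(r).subnet_of(lan_net)
                      for r in rule.remotes)
        if rule.action == "permit" and covers and outside:
            findings.append(rule.name)
    return findings

LAN = "192.168.1.0/24"  # constructed: subnet behind the router
# Constructed rule set modelled on the sample rule: only listed LAN hosts are permitted.
SCOPED = [Rule("Permit LAN Traffic", "permit", ("192.168.1.10", "192.168.1.11"))]
# Constructed weak rule set: NetBIOS permitted from any remote address.
WEAK = [Rule("Permit NetBIOS", "permit", ("0.0.0.0/0",), NETBIOS_PORTS)]

if __name__ == "__main__":
    for label, rules in (("scoped", SCOPED), ("weak", WEAK)):
        print(label, evaluate(rules, "192.168.1.10", 139),
              evaluate(rules, "203.0.113.5", 137), audit(rules, LAN))
```
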

Patrice
April 21st, 2003, 07:56 AM
Hi CrazyM!

Thanks for your answer! Yes, the traffic on port 137 is blocked. If it's not blocked by the router, it will be blocked certainly by the firewall (Look'n'Stop). Nevertheless, NetBIOS has to be activated inside my network, otherwise it's not functioning correctly anymore (printer sharing/file sharing).

I was just wondering if I could disable it inside the network, but according to my experiences I can't. My firewall is correctly set to accept traffic from the other computers. I made a rule, which accepts just traffic from the specific MAC addresses of the other computers.

Thanks for all your help!

Best regards!

Patrice

CrazyM
April 21st, 2003, 08:06 AM
The blocked Inbound UDP 137 you are seeing is likely due to the bugbear worm/virus. For more info on the top ports being scanned you could take a look at incidents.org (http://isc.incidents.org/).

Regards,

CrazyM

JacK
April 21st, 2003, 09:37 AM
Quote from Patrice:
"Hi CrazyM!

I was just wondering if I could disable it inside the network, but according to my experiences I can't. My firewall is correctly set to accept traffic from the other computers. I made a rule, which accepts just traffic from the specific MAC addresses of the other computers.

Thanks for all your help!

Best regards!

Patrice"

Hello Patrice,

I have a LAN like Pieter's: a server and some clients; you may NOT disable NetBIOS on your LAN NIC when sharing printers and files, just disable it on the NIC for your Internet connection.

Rgds,

JacK
April 21st, 2003, 09:45 AM
Quote from root:
"For file and print sharing on a network, if you disable netbios over tcp, you need to use another protocol for your network as far as I know. On XP you have IPX/SPX available and that is non routable, so it will work fine.
The other alternative is NetBeui, but on XP I believe you have to hunt that protocol down on the XP disk somewhere.
Perhaps I'm missing something here. I do not have a router or Hi speed connection, but I have a 3 computer lan with a hub. When I disabled Netbios, I definitely had to install another protocol for the nics to use to communicate with each other.
Just thought I'd throw that out and see if I totally missed the boat here. ;D"

Hi Root,

That's a good solution too. NetBEUI works fine on little LAN (less than 10 PC)

You will find it on WinXP CD in VALUEADD\MSFT\NET\NETBEUI

Copy nbf.sys into %SYSTEMROOT%\SYSTEM32\drivers\
Copy netnbf.inf into %SYSTEMROOT%\INF\

To install: go to NIC properties and click add Protocols.

Rgds,

Patrice
April 21st, 2003, 10:04 AM
Hi JacK!
Quote from JacK:
"I have a LAN like Pieter's: a server and some clients; you may NOT disable NetBIOS on your LAN NIC when sharing printers and files, just disable it on the NIC for your Internet connection."

I don't have a server-like PC as you two guys have. As I already mentioned all computers are directly connected to the router. If your suggestion still works for my case, please give me additional information of how to do it.

Here some additional information about the NetBEUI protocol:

The NetBEUI protocol was developed in 1985. It is used by network operating systems such as Microsoft LAN Manager, Microsoft Windows for Workgroups, Microsoft Windows 95, and Microsoft Windows NT. The NetBEUI protocol implements the OSI LLC2 protocol, and is a non-routable protocol.

You can install NetBEUI in Windows XP, but it is an unsupported protocol.

Best regards!

Patrice

root
April 21st, 2003, 10:17 AM
Patrice, if you haven't figured out how to share files without Netbios, have you tried IPX/SPX, or NetBEUI yet?
What I did on my lan was use the IPX/SPX protocol for my XP computer to my gateway, which is a Win2K computer, and I used NetBEUI for my Win98 SELite to the Win2K computer.
You should be able to uninstall netbios on your nic properties and install the NWLink IPX/SPX protocol.
Where you said,
"If I disable NWLink-NetBIOS and NWLink IPX/SPX/NetBIOS compatible protocol (they are linked together) on one of the computers, I'm not able to connect to the other computer and grab the files in the shared folder or use the network printer", did you try new settings of IPX/SPX on two computers and see if they could see each other and share?

Patrice
April 21st, 2003, 10:22 AM
Hi root!

Mhhh... You mean I uncheck NWLink-NetBIOS in the NIC properties on all computers, but I leave NWLink IPX/SPX/NetBIOS activated? Did I get your suggestion right?

Regards!

Patrice

root
April 21st, 2003, 11:43 AM
Hmm...........
I just checked my XP machine and I still have Netbios checked, it's just not being used.
I think if you have two machines that have the IPX/SPX protocol installed, they should communicate thru that protocol. If you cannot share files between the two machines, make sure your firewall is not blocking it. I use Outpost, and Outpost does not filter NetBEUI or IPX/SPX, but I don't know about LNS.

Patrice
April 21st, 2003, 11:57 AM
Hi root!

If you install NetBIOS, these two protocols are added on your system:

NWLink-NetBIOS
NWLink IPX/SPX/NetBIOS

I can try and play with it. Deactivating NWLink-NetBIOS, activate NWLink IPX/SPX/NetBIOS. But I'm not sure if there's a benefit of it.

Look'n'Stop is set correctly. I added rules (MAC address), so that the other computers can communicate with each other. Overall I think without NetBIOS enabled you can't communicate between the different computers. But unfortunately I don't understand all the technical stuff which is mentioned in most solutions in the Microsoft Knowledge Base.

Somehow NetBIOS and Co. is tricky... :P

Regards!

Patrice

Pieter_Arntz
April 21st, 2003, 12:31 PM
Maybe a less technical explanation helps:

"NetBIOS -- What is it?

Without getting too technical, it's what lets you do file/printer sharing over the network on Windows-based machines.

NetBIOS name:

Each computer running Windows has a NetBIOS name; you can view/change it on the identification tab in Control Panel -> Network. Various services & client tools, including Network Neighborhood and NET USE, use NetBIOS names. The NetBIOS name is specified when Windows networking is installed/configured. In order to connect to a computer running TCP/IP via its NetBIOS name, the name must be resolved to an IP Address (the NetBIOS name-IP address resolution is often done by WINS - NetBIOS Name Server). A computer's NetBIOS name is often the same as that computer's host name (see below), but it doesn't have to be.

Host name:

A Windows machine's NetBIOS name is not to be confused with the computer's host name. Each computer running TCP/IP (whether it's a Windows machine or not) has a host name (also sometimes called a machine name). You can view/change it on the DNS tab in Control Panel -> Network -> TCP/IP -> Properties. Host names are used by applications such as telnet, ftp, web browsers, etc. In order to connect to a computer running the TCP/IP protocol using its HOST name, the host name must be resolved into an IP Address (the host name or FQDN (Fully Qualified Domain Name)-IP address resolution is typically done by something called DNS - Domain Name System/Service). Changing a computer's Host name DOES NOT change its NetBIOS name."

Found that here: http://www.chemistry.ohio-state.edu/compsupp/Faqs/netbios.html

Regards,

Pieter