NetBIOS

Discussion in 'privacy problems' started by Patrice, Apr 20, 2003.

Thread Status:
Not open for further replies.
  1. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi everyone!

    I have a question concerning NetBIOS. I know there's written a lot about it and why you should disable it. Nevertheless I'm using it... I'm behind a router, which stealthens our network. Behind the router we have several computers, all have Windows XP Professional installed. There's one printer everyone has access to and we share some folders on all computers. On the computers there's TDS-3, NAV 2003 and Look'n'Stop v2.04 installed.

    If I disable NetBIOS on the computers, the problems begin to occur (even tough Look'n'Stop is properly set and NOT blocking these requests). For example we aren't able to print anymore, we don't have the possibility to access the shared folders on the other computers,... Quite annoying as you certainly agree! :mad:

    So, now to my question. Is it possible to share files, print documents,... even though NetBIOS isn't activated? I've checked my router log and there is from time to time traffice between the ports 137 and 139 (both are related to NetBIOS), which I don't appreciate much. What are you doing, enabling or disabling NetBIOS?

    Thanks for your kind help!

    Best regards!

    Patrice
     
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    Just disable NetBIOS with Protocol TCP/IP on your Internet NIC and don't on the other NIC.
     
  3. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi JacK!

    I don't think that works, because we have broadband... Everyone is connected to the internet directly. That means that I should disable it on every computer.

    Greetings!

    Patrice
     
  4. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    It works of course : no need NetBIOS on the Internet NIC to share printers and files on the LAN.
     
  5. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Sorry JacK if I'm asking you a stupid question. What exactly do you mean by NIC? For me, NIC has something to do with domain registry and web address registration... Am I completely wrong?

    I would really appreciate it if you could give me some additional information about how to do that (if I misunderstand it).

    Thanks!

    Patrice
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  7. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    LOL! :D O.K., now I begin to understand!

    Thanks Pieter_Arntz!
     
  8. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Damn it! It still doesn't work... I just deactivated NetBIOS on the above mentioned computer, but when I try to connect to it from my computer (shares), it doesn't work. It's not allowed, it says... I don't have the permission to do that. Strange... Don't get it -what did I do wrong?

    Help appreciated! o_O
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Patrice,

    Not sure how you are set up (no experience with cable), but I have multiple connections on one NIC as well.
    NetBIOS over TCP/IP enabled on the network-connection and disabled on the Internet-connection.
    Can you do the same? Because it sounds as if you completely disabled it.

    Regards,

    Pieter
     
  10. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Pieter_Arntz!

    All my computers are directly connected to the router. That means that they send/share data via the router. If I read your statement, it looks to me as if you have a server-like PC.

    If I misunderstand your statement, help me from the scratch. Perhaps I'm misled in a way...

    Regards!

    Patrice
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    You´re correct. My network is set up like in the attachment.
     

    Attached Files:

  12. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    For file and print sharing on a network, if you disable netbios over tcp, you need to use another protocol for your network as far as I know. On XP you have IPX/SPX available and that is non routable, so it will work fine.
    The other alternative is NetBeui, but on XP I believe you have to hunt that protocol down on the XP disk somewhere.
    Perhaps I'm missing some thing here. I do not have a router or Hi speed connection, but I have a 3 computer lan with a hub. When I disabled Netbios, I definitely had to install another protocol for the nics to use to communicate with each other.
    Just thought I'd throw that out and see if I totally missed the boat here. :D
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Where PC1 is acting as a server if I want to share my internet connection.
    So my Connections window looks like this.
    (Disregard Firewire connection).
    As you can see Microsoft Network Client and File- and Printersharing are checked for that connection. NetBIOS is enabled as well. These are all not enabled for the ADSL connection.
    Still not sure if this will work for cable.

    Regards,

    Pieter
     

    Attached Files:

  14. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi guys!

    root: I appreciated your post, I think like you. I'm in need of another protocol. But I'm not 100% sure about that.

    Pieter_Arntz: I don't see that you have NetBIOS enabled. In my connections window I got the following elements:

    -Client for Microsoft Networks
    -Printer and File Sharing
    -Look'n'Stop Driver (disregard this one)
    -NWLink-NetBIOS
    -NWLink IPX/SPX/NetBIOS compatible protocol
    -Internet protocol TCP/IP

    If I disable NWLink-NetBIOS and NWLink IPX/SPX/NetBIOS compatible protocol (they are linked together) on one of the computers, I'm not able to connect to the other computer and grab the files in the shared folder or use the network printer.

    Somehow I have to admit that I don't really understand the NetBIOS well. Sometimes networking on Windows computers is a bet -sometimes it works fine, sometimes it doesn't.

    Thanks for all your help so far!

    Patrice
     
  15. I_lack_commonsense

    I_lack_commonsense Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    44
    I would assume your router would protect your internal network from most threats involving NetBIOS. As network shares are usually unprotected (usually no password or access restrictions)... NetBIOS ports (137-139) are usually common targets for attackers. If you are behind a router that offers NAT for example... plus your software firewall... it will make it quite difficult for someone on the outside to get to those ports on your computer (unless of course you specifically configure your router to forward requests to those ports on your computer).

    If you didnt have the router, a good suggestion is to do what Jack and Pieter_Arntz suggested and make sure NetBIOS is turned off on the computer (NIC) that is directly connected to the cable or DSL modem.

    And I am also some what sure that if you want to use TCP/IP on a private network for file sharing that you must enable NetBIOS over TCP/IP.

    A good site to read about this kinda stuff with some good guides and tutorials is http://www.practicallynetworked.com.

    This one might be particularly helpful if this is what you are trying to do on your network http://www.practicallynetworked.com/sharing/xp_filesharing/

    Hope that helps

    Edit: Forgot to mention Jack
    Oh and keep in mind that if you decide to go with IPX or some other protocol, you may receive a performance hit when the primary protocol is not being used.
     
  16. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi I_lack_commonsense!

    Thanks for your answer! Actually I think like what you said here:
    Like that, my network is configured. I don't use a server-like PC. Every computer is connected directly to the router (and so to the internet).
    As far as I know, your second statement is correct as well. I always run into problems by disabling it.

    But nevertheless, according to my router log, there is some traffic on port 137. I still don't know what it is and if it's blocked by the router. I will hang on it and check it from now on more closely. There's not much traffic, but there is. I traced the IP's who are sending the signal, but til now I don't have a clue why they are sending it. Anyone of you uses a router and have the same entries in the router log?

    Perhaps I check this port with TDS-3 and start the so called TCP Port Listen Tool. Who knows, perhaps I get some really nice additional information.

    Best regards!

    Patrice
     
  17. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi guys!

    O.K., I was listening with TDS-3 TCP Port Listen utility on port 137 and guess what: nothing at all! As always when you wanna prove something...

    But I think I know why this traffic from time to time occurs. When you're surfing around some servers (websites) are sending signals and I suppose they also send a signal on port 137 to see who's connecting to them. That's why I got (inbound) traffic on port 137. But there's still the proof to be done! ;)

    Anyone of you has good other suggestions to that subject?

    Regards!

    Patrice
     
  18. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If what you are seeing is showing logged as inbound with the destination IP being your WAN IP, it is traffic that is blocked by your router (BEFSR41 - correct?). As for inbound UDP 137 scans, there is still lots of that going on and is nothing to be worried about.

    As long as you are not forwarding anything through the router, it will stop all unsolicited inbound traffic. As mentioned by I_lack_commonsense this will protect systems on the LAN that may have shares and netbios enabled.

    To provide control over shares and access to netbios on the LAN systems, using a software firewall on those systems will accomplish this. Depending on the firewall in use this could be via a rule permitting any LAN traffic, netbios traffic only for LAN systems, trusted zones, etc. Just be sure to limit this traffic to LAN systems.

    Sample for rule permitting any LAN traffic:

    Rule xx Permit LAN Traffic
    Protocol: TCP or UDP
    Action: Permit
    Direction: Either
    Application: Any Application
    Local Service: Any Service
    Local Address: Any Address
    Remote Service: Any Service
    Remote Address:
    ......................IP: 192.168.1.xxx
    ......................IP: 192.168.1.xxx

    This example shows individual IP's for systems on the LAN, but could also be for an IP range or the subnet, your choice. This rule should be at the top of your rule set.

    With the router in place and software firewalls on the LAN systems you should be fine using netbios.

    Regards,

    CrazyM
     
  19. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi CrazyM!

    Thanks for your answer! Yes, the traffic on port 137 is blocked. If it's not blocked by the router, it will be blocked certainly by the firewall (Look'n'Stop). Nevertheless, NetBIOS has to be activated inside my network, otherwise it's not functioning correctly anymore (printer sharing/file sharing).

    I was just wondering if I could disable it inside the network, but according to my experiences I can't. My firewall is correctly set to accept traffic from the other computers. I made a rule, which accepts just traffic from the specific MAC addresses of the other computers.

    Thanks for all your help!

    Best regards!

    Patrice
     
  20. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The blocked Inbound UDP 137 you are seeing is likely due to the bugbear worm/virus. For more info on the top ports being scanned you could take a look at incidents.org.

    Regards,

    CrazyM
     
  21. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello Patrice,

    I have a LAN like Pieter's : a server and some clients ; you may NOT disable NetBIOSon your LAN NIC when sharing printers and files, just disable on the NIC for your Internet connexion.

    Rgds,
     
  22. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Root,

    That's a good solution too. NetBEUI works fine on little LAN (less than 10 PC)

    You will find it on WinXP CD in VALUEADD\MSFT\NET\NETBEUI

    Copy nbf.sys into %SYSTEMROOT%\SYSTEM32\drivers\
    Copy netnbf.inf into %SYSTEMROOT%\INF\To install : go to NIC properties and click add Protocols.

    Rgds,
     
  23. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi JacK!
    I don't have a server-like PC as you two guys have. As I already mentioned all computers are directly connected to the router. If your suggestion still works for my case, please give me additional information of how to do it.

    Here some additional information about the NetBEUI protocol:

    The NetBEUI protocol was developed in 1985. It is used by network operating systems such as Microsoft LAN Manager, Microsoft Windows for Workgroups, Microsoft Windows 95, and Microsoft Windows NT. The NetBEUI protocol implements the OSI LLC2 protocol, and is a non-routable protocol.

    You can install NetBEUI in Windows XP, but it is an unsupported protocol.

    Best regards!

    Patrice
     
  24. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Patrice, if you haven't figured out how to share files without Netbios, have your tried IPX/SPX, or NetBEUI yet?
    What I did on my lan was use the IPX/SPX protocol for my XP computer to My gateway, which is a Win2K computer. and I used NetBEUI for my Win98 SELite to the Win2K Computer.
    You should be able to uninstall netbios on your nic properties and install the NWLink IPX/SPX protocol.
    Where you said,
    "If I disable NWLink-NetBIOS and NWLink IPX/SPX/NetBIOS compatible protocol (they are linked together) on one of the computers, I'm not able to connect to the other computer and grab the files in the shared folder or use the network printer", did you try new settings of IPX/SPX on two computers and see if they could see each other and share?
     
  25. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi root!

    Mhhh... You mean I uncheck NWLink-NetBIOS in the NIC properties on all computers, but I leave NWLink IPX/SPX/NetBIOS activated? Did I get your suggestion right?

    Regards!

    Patrice
     
Thread Status:
Not open for further replies.