Re: netBIOS Alert
From: sponge (mtubi@python.net)Date: 01/21/02
- Next message: sponge: "Re: netBIOS Alert"
- Previous message: Patrick Farrell: "Re: Routing Morpheus through AOL"
- In reply to: R.: "Re: netBIOS Alert"
- Next in thread: sponge: "Re: netBIOS Alert"
- Reply: sponge: "Re: netBIOS Alert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: mtubi@python.net (sponge) Date: Mon, 21 Jan 2002 10:05:45 GMT
Remove Client for Microsoft Networks. That was what I was talking
about, just couldn't remember the exact name. That'll fix your NetBIOS
problem and also as a side benefit make your system immune to 90% of
the most common hacks. (Which, FYI, occur on ports 137, 138, and 139,
the NetBIOS ports.)
After removing it, check you TCP/IP component again and make sure
it's not still bound to TCP/IP. That has the same effect of the
checkbox "I want to enable NetBIOS over TCP/IP" - apparently Me does
it a bit differently than NT and 98, which are the only Windows
platforms I work with or are willing to. If CMN is gone (and from your
description you should be left with a blank box under Bindings in
TCP/IP) then you're set.
On Sun, 20 Jan 2002 17:37:57 GMT, "R." <@worldnet.att.net> wrote:
>
>"sponge" <mtubi@python.net> wrote in message
>news:a2e0b0$h6n$1@bob.news.rcn.net...
>> What OS are you using? And what IP is it trying or successfully
>> connecting to?
>> ConXion is Microsoft's server service. They provide server space for
>> updates and software downloads and the like, and they probably collect
>> the registration data and hardware profiles of each Windows user there
>> as well there. If you're using XP, that might explain it.
>> As far as getting rid of this, just go into Start/Settings/Control
>> Panel/Network. You will see an icon for a protocol (looks like a plug
>> in Win98). Click on the one appropriate to your connection and click
>> the tab called NetBIOS at the top of the Window that pops up. Uncheck
>> "I want to enable NetBIOS over TCP/IP". Then click Ok.
>> IFor added security, and only if you're not networked (and I assume
>> you're not planning on it because you don't have File/Print Sharing
>> enabled) you also should remove Microsoft Client and Internet
>> Connection Sharing (ICS) from the Network window. Then, one at a time,
>> click on each protocol and adapter on the list (everything) and click
>> Properties. On the window that pops up, click the tab called Bindings.
>> Uncheck everything except TCP/IP. That'll insulate you from a lot of
>> common hacks and general nuisances.
>>
>> Oh, and if you're using XP, check out Steve Gibson's site on the
>> dangers of XP's Plug and Play:
>> http://grc.com/default.htm
>>
>> And, finally, get your self a firewall with IP filtering capability
>> like Tiny Personal Firewall and also DNSKong and block both Microsoft
>> and Conxion.
>
>Thanks for the reply. Well I have Windows ME and Explorer 6.
>
>I checked in Network and I have no tab that says NetBios. I also did not
>see a Microsoft Client and Internet
>Connection Sharing (ICS) there. What I have listed are: "Client for
>Microsoft Networks", "Dial-Up Adaptor" and "TCP/IP". Bindings under TCP/IP
>Properties has "Client for Microsoft Networks" listed (checked). And under
>Dial-Up Adaptor Bindings has only "TCP/IP" (checked).
>
>Here's the information from Zone Alarm:
>
>_______________________________
>
>ZoneAlarm has blocked an inbound communication on NetBIOS port 137 on your
>computer
>
>The IP address it is trying to connect to is: 63.59.121.xxx
>port 137
>
>"Should I be concerned?
>No. ZoneAlarm has blocked the connection attempt, so no harm can come to
>your computer as a result. If 206.204.202.21 is an address on your local
>network, one possible explanation is a DHCP server is attempting to renew
>your IP address. Both DHCP and NetBIOS are common on most local area
>networks using Windows platform domains. The address could also belong to a
>DNS server or another LAN-specific server. If 206.204.202.21 is not on your
>LAN, the probe could be a port scan. A port scan typically has the ability
>to retrieve data from a computer (such as what type of operating system you
>are using) even if a connection attempt failed. Because you are using
>ZoneAlarm, no details regarding your computer have been made available to
>the individual who initiated the port scan. That individual has most likely
>moved on to seek out computers which are not protected.
>
>Should I be concerned?
>No. Though this particular connection attempt was to a NetBIOS port. As a
>consequence of it's legitimate pupose, NetBIOS can also be used for
>unscrupulous purposes. ZoneAlarm allows you to control who has access to
>NetBIOS on your computer. Because you are running ZoneAlarm, your NetBIOS
>ports are hidden from computers on the Internet.
>
>What should I do?
>NetBIOS is intended to ensure your computer's resources are made available
>to other computers on a network. But you probably don't want the entire
>Internet to share your files. Using passwords to secure your file and
>printer sharing is a basic step in preventing unauthorized browsing,
>running, or deletion of files from your computer. Because some Windows
>computers come preconfigured with insecure NetBIOS configurations, it is a
>good idea to make sure you have password protection set up on your shares.
>To perform this properly, please consult Microsoft's online or print help
>resources."
>
>
>
>
- Next message: sponge: "Re: netBIOS Alert"
- Previous message: Patrick Farrell: "Re: Routing Morpheus through AOL"
- In reply to: R.: "Re: netBIOS Alert"
- Next in thread: sponge: "Re: netBIOS Alert"
- Reply: sponge: "Re: netBIOS Alert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
