Re: netBIOS Alert

From: sponge (mtubi@python.net)
Date: 01/21/02 

From: mtubi@python.net (sponge)
Date: Mon, 21 Jan 2002 10:06:54 GMT

 BTW, since you're using IE 6 (presumably with the Alexa spyware built
in) you should go over to www.lavasoft.de and download Ad-Aware. It's
oneof the most important programs you could have.

 You also might want to download Tiny Personal Firewall
(www.tinysoftware.com) and block (filter) the following IPs.
209.247.41.0 (use mask of 255.255.255.0)
224.0.0.0.0 (use mask of 255.0.0.0)
209.247.255 (255.255.255.0)

On Mon, 21 Jan 2002 10:05:45 GMT, mtubi@python.net (sponge) wrote:

> Remove Client for Microsoft Networks. That was what I was talking
>about, just couldn't remember the exact name. That'll fix your NetBIOS
>problem and also as a side benefit make your system immune to 90% of
>the most common hacks. (Which, FYI, occur on ports 137, 138, and 139,
>the NetBIOS ports.)
> After removing it, check you TCP/IP component again and make sure
>it's not still bound to TCP/IP. That has the same effect of the
>checkbox "I want to enable NetBIOS over TCP/IP" - apparently Me does
>it a bit differently than NT and 98, which are the only Windows
>platforms I work with or are willing to. If CMN is gone (and from your
>description you should be left with a blank box under Bindings in
>TCP/IP) then you're set.
>
>On Sun, 20 Jan 2002 17:37:57 GMT, "R." <@worldnet.att.net> wrote:
>
>>
>>"sponge" <mtubi@python.net> wrote in message
>>news:a2e0b0$h6n$1@bob.news.rcn.net...
>>> What OS are you using? And what IP is it trying or successfully
>>> connecting to?
>>> ConXion is Microsoft's server service. They provide server space for
>>> updates and software downloads and the like, and they probably collect
>>> the registration data and hardware profiles of each Windows user there
>>> as well there. If you're using XP, that might explain it.
>>> As far as getting rid of this, just go into Start/Settings/Control
>>> Panel/Network. You will see an icon for a protocol (looks like a plug
>>> in Win98). Click on the one appropriate to your connection and click
>>> the tab called NetBIOS at the top of the Window that pops up. Uncheck
>>> "I want to enable NetBIOS over TCP/IP". Then click Ok.
>>> IFor added security, and only if you're not networked (and I assume
>>> you're not planning on it because you don't have File/Print Sharing
>>> enabled) you also should remove Microsoft Client and Internet
>>> Connection Sharing (ICS) from the Network window. Then, one at a time,
>>> click on each protocol and adapter on the list (everything) and click
>>> Properties. On the window that pops up, click the tab called Bindings.
>>> Uncheck everything except TCP/IP. That'll insulate you from a lot of
>>> common hacks and general nuisances.
>>>
>>> Oh, and if you're using XP, check out Steve Gibson's site on the
>>> dangers of XP's Plug and Play:
>>> http://grc.com/default.htm
>>>
>>> And, finally, get your self a firewall with IP filtering capability
>>> like Tiny Personal Firewall and also DNSKong and block both Microsoft
>>> and Conxion.
>>
>>Thanks for the reply. Well I have Windows ME and Explorer 6.
>>
>>I checked in Network and I have no tab that says NetBios. I also did not
>>see a Microsoft Client and Internet
>>Connection Sharing (ICS) there. What I have listed are: "Client for
>>Microsoft Networks", "Dial-Up Adaptor" and "TCP/IP". Bindings under TCP/IP
>>Properties has "Client for Microsoft Networks" listed (checked). And under
>>Dial-Up Adaptor Bindings has only "TCP/IP" (checked).
>>
>>Here's the information from Zone Alarm:
>>
>>_______________________________
>>
>>ZoneAlarm has blocked an inbound communication on NetBIOS port 137 on your
>>computer
>>
>>The IP address it is trying to connect to is: 63.59.121.xxx
>>port 137
>>
>>"Should I be concerned?
>>No. ZoneAlarm has blocked the connection attempt, so no harm can come to
>>your computer as a result. If 206.204.202.21 is an address on your local
>>network, one possible explanation is a DHCP server is attempting to renew
>>your IP address. Both DHCP and NetBIOS are common on most local area
>>networks using Windows platform domains. The address could also belong to a
>>DNS server or another LAN-specific server. If 206.204.202.21 is not on your
>>LAN, the probe could be a port scan. A port scan typically has the ability
>>to retrieve data from a computer (such as what type of operating system you
>>are using) even if a connection attempt failed. Because you are using
>>ZoneAlarm, no details regarding your computer have been made available to
>>the individual who initiated the port scan. That individual has most likely
>>moved on to seek out computers which are not protected.
>>
>>Should I be concerned?
>>No. Though this particular connection attempt was to a NetBIOS port. As a
>>consequence of it's legitimate pupose, NetBIOS can also be used for
>>unscrupulous purposes. ZoneAlarm allows you to control who has access to
>>NetBIOS on your computer. Because you are running ZoneAlarm, your NetBIOS
>>ports are hidden from computers on the Internet.
>>
>>What should I do?
>>NetBIOS is intended to ensure your computer's resources are made available
>>to other computers on a network. But you probably don't want the entire
>>Internet to share your files. Using passwords to secure your file and
>>printer sharing is a basic step in preventing unauthorized browsing,
>>running, or deletion of files from your computer. Because some Windows
>>computers come preconfigured with insecure NetBIOS configurations, it is a
>>good idea to make sure you have password protection set up on your shares.
>>To perform this properly, please consult Microsoft's online or print help
>>resources."
>>
>>
>>
>>
>

Relevant Pages

  • Re: Need help interpretting browstat output
    ... All computers only have tcp/ip and use NetBIOS over tcp/ip. ... and enable "Use DNS for Windows Resolution". ... To ensure successful communication on a network, ... On Windows networks running TCP/IP, the following options exist for name ...
    (microsoft.public.windowsxp.network_web)
  • Field Engineers Toolkit
    ... client site, troubleshoot the problem on the Windows boxes & find no issues, ... device and fail because they lack the correct tools to a)troubleshoot network ... not have all of these programs on your laptop. ... space, plenty of RAM, a network port, a modem port, wireless capability, and ...
    (microsoft.public.windows.server.networking)
  • RE: Printing from Win9x clients stops
    ... since this issue only occurs on all Windows 9x ... Open Server Management Console, ... Verify basic network connectivity. ... >> Create a local printer and in the Ports section, ...
    (microsoft.public.windows.server.sbs)
  • Re: netBIOS Alert
    ... My Network Places has disappeared from the desk top, ... Lastly, I like Zonealarm. ... That'll fix your NetBIOS ... the probe could be a port scan. ...
    (comp.security.firewalls)
  • RE: With SP1, zillions of port 137 and 138 denials
    ... UDP 138 is a kind of "NETBIOS Datagram Service" communication port. ... As for the "Windows Firewall spoof errors", could you let up know the exact ... conclude that its name was in conflict. ...
    (microsoft.public.windows.server.sbs)