Re: netBIOS Alert
From: R. (@worldnet.att.net)Date: 01/21/02
- Next message: Dennis Heidner: "Re: Symantec Enterprise Firewall (Axent) with ADSL"
- Previous message: Dennis Heidner: "Re: syn flooding"
- In reply to: sponge: "Re: netBIOS Alert"
- Reply: tracker: "Re: netBIOS Alert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "R." <@worldnet.att.net> Date: Mon, 21 Jan 2002 08:17:32 GMT
Thanks much. Could you indulge me a few questions though? I noticed some
changes. My Network Places has disappeared from the desk top, and more
annoying, I am being asked twice for passwords to get into my email and on
the net. The Remember Password box is grayed. Can I get around this? Or
are these the passwords to which the ZoneAlarm alert is referring (and if
not, which are?)? I'm not sure how secure they are. Also does removing
CfMN close these ports? Any down side to this?
What exactly does "Client for Microsoft Networks" do anyway?
Lastly, I like Zonealarm. If I also installed TPF wouldn't that just eat a
lot more into my resources? On the other hand, would I need to remove CfMN
if I can just close ports 137, 138 & 139 with TPF (and not have to go
through the password thing everytime I connect)?
By the way: I have Ad-Aware. All it's ever discovered was a pesky
"doubleclick" component which Ad-Aware couldn't get rid of. Eraser did
however. But I like it. It's one of 5 or 6 great spyware free programs
I've downloaded from CNET.
"sponge" <mtubi@python.net> wrote in message
news:a2gek3$kqg$2@bob.news.rcn.net...
> BTW, since you're using IE 6 (presumably with the Alexa spyware built
> in) you should go over to www.lavasoft.de and download Ad-Aware. It's
> oneof the most important programs you could have.
>
> You also might want to download Tiny Personal Firewall
> (www.tinysoftware.com) and block (filter) the following IPs.
> 209.247.41.0 (use mask of 255.255.255.0)
> 224.0.0.0.0 (use mask of 255.0.0.0)
> 209.247.255 (255.255.255.0)
>
>
> On Mon, 21 Jan 2002 10:05:45 GMT, mtubi@python.net (sponge) wrote:
>
> > Remove Client for Microsoft Networks. That was what I was talking
> >about, just couldn't remember the exact name. That'll fix your NetBIOS
> >problem and also as a side benefit make your system immune to 90% of
> >the most common hacks. (Which, FYI, occur on ports 137, 138, and 139,
> >the NetBIOS ports.)
> > After removing it, check you TCP/IP component again and make sure
> >it's not still bound to TCP/IP. That has the same effect of the
> >checkbox "I want to enable NetBIOS over TCP/IP" - apparently Me does
> >it a bit differently than NT and 98, which are the only Windows
> >platforms I work with or are willing to. If CMN is gone (and from your
> >description you should be left with a blank box under Bindings in
> >TCP/IP) then you're set.
> >
> >On Sun, 20 Jan 2002 17:37:57 GMT, "R." <@worldnet.att.net> wrote:
> >
> >>
> >>"sponge" <mtubi@python.net> wrote in message
> >>news:a2e0b0$h6n$1@bob.news.rcn.net...
> >>> What OS are you using? And what IP is it trying or successfully
> >>> connecting to?
> >>> ConXion is Microsoft's server service. They provide server space for
> >>> updates and software downloads and the like, and they probably collect
> >>> the registration data and hardware profiles of each Windows user there
> >>> as well there. If you're using XP, that might explain it.
> >>> As far as getting rid of this, just go into Start/Settings/Control
> >>> Panel/Network. You will see an icon for a protocol (looks like a plug
> >>> in Win98). Click on the one appropriate to your connection and click
> >>> the tab called NetBIOS at the top of the Window that pops up. Uncheck
> >>> "I want to enable NetBIOS over TCP/IP". Then click Ok.
> >>> IFor added security, and only if you're not networked (and I assume
> >>> you're not planning on it because you don't have File/Print Sharing
> >>> enabled) you also should remove Microsoft Client and Internet
> >>> Connection Sharing (ICS) from the Network window. Then, one at a time,
> >>> click on each protocol and adapter on the list (everything) and click
> >>> Properties. On the window that pops up, click the tab called Bindings.
> >>> Uncheck everything except TCP/IP. That'll insulate you from a lot of
> >>> common hacks and general nuisances.
> >>>
> >>> Oh, and if you're using XP, check out Steve Gibson's site on the
> >>> dangers of XP's Plug and Play:
> >>> http://grc.com/default.htm
> >>>
> >>> And, finally, get your self a firewall with IP filtering capability
> >>> like Tiny Personal Firewall and also DNSKong and block both Microsoft
> >>> and Conxion.
> >>
> >>Thanks for the reply. Well I have Windows ME and Explorer 6.
> >>
> >>I checked in Network and I have no tab that says NetBios. I also did
not
> >>see a Microsoft Client and Internet
> >>Connection Sharing (ICS) there. What I have listed are: "Client for
> >>Microsoft Networks", "Dial-Up Adaptor" and "TCP/IP". Bindings under
TCP/IP
> >>Properties has "Client for Microsoft Networks" listed (checked). And
under
> >>Dial-Up Adaptor Bindings has only "TCP/IP" (checked).
> >>
> >>Here's the information from Zone Alarm:
> >>
> >>_______________________________
> >>
> >>ZoneAlarm has blocked an inbound communication on NetBIOS port 137 on
your
> >>computer
> >>
> >>The IP address it is trying to connect to is: 63.59.121.xxx
> >>port 137
> >>
> >>"Should I be concerned?
> >>No. ZoneAlarm has blocked the connection attempt, so no harm can come to
> >>your computer as a result. If 206.204.202.21 is an address on your local
> >>network, one possible explanation is a DHCP server is attempting to
renew
> >>your IP address. Both DHCP and NetBIOS are common on most local area
> >>networks using Windows platform domains. The address could also belong
to a
> >>DNS server or another LAN-specific server. If 206.204.202.21 is not on
your
> >>LAN, the probe could be a port scan. A port scan typically has the
ability
> >>to retrieve data from a computer (such as what type of operating system
you
> >>are using) even if a connection attempt failed. Because you are using
> >>ZoneAlarm, no details regarding your computer have been made available
to
> >>the individual who initiated the port scan. That individual has most
likely
> >>moved on to seek out computers which are not protected.
> >>
> >>Should I be concerned?
> >>No. Though this particular connection attempt was to a NetBIOS port. As
a
> >>consequence of it's legitimate pupose, NetBIOS can also be used for
> >>unscrupulous purposes. ZoneAlarm allows you to control who has access to
> >>NetBIOS on your computer. Because you are running ZoneAlarm, your
NetBIOS
> >>ports are hidden from computers on the Internet.
> >>
> >>What should I do?
> >>NetBIOS is intended to ensure your computer's resources are made
available
> >>to other computers on a network. But you probably don't want the entire
> >>Internet to share your files. Using passwords to secure your file and
> >>printer sharing is a basic step in preventing unauthorized browsing,
> >>running, or deletion of files from your computer. Because some Windows
> >>computers come preconfigured with insecure NetBIOS configurations, it is
a
> >>good idea to make sure you have password protection set up on your
shares.
> >>To perform this properly, please consult Microsoft's online or print
help
> >>resources."
> >>
> >>
> >>
> >>
> >
>
- Next message: Dennis Heidner: "Re: Symantec Enterprise Firewall (Axent) with ADSL"
- Previous message: Dennis Heidner: "Re: syn flooding"
- In reply to: sponge: "Re: netBIOS Alert"
- Reply: tracker: "Re: netBIOS Alert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
