Re: netBIOS Alert
From: Lance Delacroix (lance_delacroix@fastmail.fm)
Date: 01/21/02
From: Lance Delacroix <lance_delacroix@fastmail.fm> Date: Mon, 21 Jan 2002 22:31:38 +0200
On Mon, 21 Jan 2002 10:05:45 GMT, mtubi@python.net (sponge) wrote:
> Remove Client for Microsoft Networks. That was what I was talking
>about, just couldn't remember the exact name. That'll fix your NetBIOS
>problem and also as a side benefit make your system immune to 90% of
>the most common hacks. (Which, FYI, occur on ports 137, 138, and 139,
>the NetBIOS ports.)
> After removing it, check your TCP/IP component again and make sure
>it's not still bound to TCP/IP. That has the same effect of the
>checkbox "I want to enable NetBIOS over TCP/IP" - apparently Me does
>it a bit differently than NT and 98,
With ME you unbind MSN (and anything else) in TCP/IP, but in Dialup
Adapter you remain bound to TCP/IP. This is from the Shields Up!
forum. I did it and it worked fine.
>which are the only Windows
>platforms I work with or are willing to. If CMN is gone (and from your
>description you should be left with a blank box under Bindings in
>TCP/IP) then you're set.
>
>On Sun, 20 Jan 2002 17:37:57 GMT, "R." <@worldnet.att.net> wrote:
>
>>
>>"sponge" <mtubi@python.net> wrote in message
>>news:a2e0b0$h6n$1@bob.news.rcn.net...
>>> What OS are you using? And what IP is it trying or successfully
>>> connecting to?
>>> ConXion is Microsoft's server service. They provide server space for
>>> updates and software downloads and the like, and they probably collect
>>> the registration data and hardware profiles of each Windows user there
>>> as well. If you're using XP, that might explain it.
>>> As far as getting rid of this, just go into Start/Settings/Control
>>> Panel/Network. You will see an icon for a protocol (looks like a plug
>>> in Win98). Click on the one appropriate to your connection and click
>>> the tab called NetBIOS at the top of the Window that pops up. Uncheck
>>> "I want to enable NetBIOS over TCP/IP". Then click Ok.
>>> For added security, and only if you're not networked (and I assume
>>> you're not planning on it because you don't have File/Print Sharing
>>> enabled) you also should remove Microsoft Client and Internet
>>> Connection Sharing (ICS) from the Network window. Then, one at a time,
>>> click on each protocol and adapter on the list (everything) and click
>>> Properties. On the window that pops up, click the tab called Bindings.
>>> Uncheck everything except TCP/IP. That'll insulate you from a lot of
>>> common hacks and general nuisances.
>>>
>>> Oh, and if you're using XP, check out Steve Gibson's site on the
>>> dangers of XP's Plug and Play:
>>> http://grc.com/default.htm
>>>
>>> And, finally, get yourself a firewall with IP filtering capability
>>> like Tiny Personal Firewall and also DNSKong and block both Microsoft
>>> and Conxion.
>>
>>Thanks for the reply. Well I have Windows ME and Explorer 6.
>>
>>I checked in Network and I have no tab that says NetBios. I also did not
>>see a Microsoft Client and Internet
>>Connection Sharing (ICS) there. What I have listed are: "Client for
>>Microsoft Networks", "Dial-Up Adaptor" and "TCP/IP". Bindings under TCP/IP
>>Properties has "Client for Microsoft Networks" listed (checked). And under
>>Dial-Up Adaptor Bindings has only "TCP/IP" (checked).
>>
>>Here's the information from Zone Alarm:
>>
>>_______________________________
>>
>>ZoneAlarm has blocked an inbound communication on NetBIOS port 137 on your
>>computer
>>
>>The IP address it is trying to connect to is: 63.59.121.xxx
>>port 137
>>
>>"Should I be concerned?
>>No. ZoneAlarm has blocked the connection attempt, so no harm can come to
>>your computer as a result. If 206.204.202.21 is an address on your local
>>network, one possible explanation is a DHCP server is attempting to renew
>>your IP address. Both DHCP and NetBIOS are common on most local area
>>networks using Windows platform domains. The address could also belong to a
>>DNS server or another LAN-specific server. If 206.204.202.21 is not on your
>>LAN, the probe could be a port scan. A port scan typically has the ability
>>to retrieve data from a computer (such as what type of operating system you
>>are using) even if a connection attempt failed. Because you are using
>>ZoneAlarm, no details regarding your computer have been made available to
>>the individual who initiated the port scan. That individual has most likely
>>moved on to seek out computers which are not protected.
>>
>>Should I be concerned?
>>No. Though this particular connection attempt was to a NetBIOS port. As a
>>consequence of its legitimate purpose, NetBIOS can also be used for
>>unscrupulous purposes. ZoneAlarm allows you to control who has access to
>>NetBIOS on your computer. Because you are running ZoneAlarm, your NetBIOS
>>ports are hidden from computers on the Internet.
>>
>>What should I do?
>>NetBIOS is intended to ensure your computer's resources are made available
>>to other computers on a network. But you probably don't want the entire
>>Internet to share your files. Using passwords to secure your file and
>>printer sharing is a basic step in preventing unauthorized browsing,
>>running, or deletion of files from your computer. Because some Windows
>>computers come preconfigured with insecure NetBIOS configurations, it is a
>>good idea to make sure you have password protection set up on your shares.
>>To perform this properly, please consult Microsoft's online or print help
>>resources."
>>
>>
>>
>>
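
A check one could run after the unbinding steps discussed in this thread, as an added example that is not part of the original posts: it parses `netstat -an` output and lists any sockets still open on the NetBIOS ports 137, 138 and 139. The function name and both sample outputs are constructed for illustration (addresses are from the documentation range).

```python
# Added example: the netstat text below is constructed, not captured
# from any poster's machine.
NETBIOS_PORTS = {137: "name service", 138: "datagram service",
                 139: "session service"}

SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        192.0.2.80:80          ESTABLISHED
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""

SAMPLE_AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1042        192.0.2.80:80          ESTABLISHED
"""


def netbios_listeners(netstat_text):
    """Return (proto, local_address, port) for each open NetBIOS socket."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the banner, the column header and blank lines.
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # A TCP socket counts only while listening; UDP rows have no state.
        if proto == "TCP" and state != "LISTENING":
            continue
        # rpartition keeps working for bracketed IPv6 local addresses.
        addr, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in NETBIOS_PORTS:
            findings.append((proto, addr, int(port)))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        hits = netbios_listeners(text)
        print(label, "->", hits if hits else "no NetBIOS sockets open")
```

An empty result after the change means nothing on the machine is bound to the NetBIOS ports any more; a `0.0.0.0` local address in the result means the service is reachable on every interface, including the dial-up one.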