Re: How to Plug Netbios SSN ( Port TCP/139 ) vulnerability in Windows NT/2000

From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 12/19/02

Next message: Joel Jimenez: "Security Update Valid?"
Previous message: S. Pidgorny [MVP]: "Re: Security over LAN or WAN"
In reply to: Karl Levinson [x y] mvp: "Re: How to Plug Netbios SSN ( Port TCP/139 ) vulnerability in Windows NT/2000"
Next in thread: Pavlov: "Re: How to Plug Netbios SSN ( Port TCP/139 ) vulnerability in Windows NT/2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "S. Pidgorny [MVP]" <slavickp@yahoo.com>
Date: Fri, 20 Dec 2002 00:06:36 +1100

That's right.

In Windows 2000 and above, NetBIOS over TCP/IP can be disabled in TCP/IP
properties (right-click Network Neighborhood - Properties - select i/face -
right-click - properties - select Internet Protocol (TCP/IP) - Properties -
Advanced - WINS tab - select Disable NetBIOS over TCP/IP).

But maybe that doesn't solve your problem. Do yu consider NetBT itself as a
vulnerability , or there's something particular you want to fix.

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:uBnNAi1pCHA.1960@TK2MSFTNGP10...
>
> "Ajay Kumar" <akgupta2001@indiatimes.com> wrote in message
> news:03e201c2a718$ea4613b0$d6f82ecf@TK2MSFTNGXA13...
> > Hi,
> >
> > I was trying to work out procedure to plug the Netbios SSN
> > ( port TCP/139 ) vulnerability on my systems but Inspite
> > of removing Netbios Interface, scan is showing this
> > particular port active.
>
> I'm not exactly sure what exactly you did to try to disable NetBIOS, but
> www.google.com and probably www.grc.com should have a variety of
> instructions for disabling NetBIOS.
>
> Port scanners are not always reliable or accurate.
>
> Closing that port properly is useful, though I would also recommend a
> firewall of some sort as well, since even a closed port can leak data
> through a number of ways.  www.sygate.com and others are free.
>
> http://securityadmin.info/faq.htm#firewall
> http://securityadmin.info/faq.htm#harden
>
>
>

Next message: Joel Jimenez: "Security Update Valid?"
Previous message: S. Pidgorny [MVP]: "Re: Security over LAN or WAN"
In reply to: Karl Levinson [x y] mvp: "Re: How to Plug Netbios SSN ( Port TCP/139 ) vulnerability in Windows NT/2000"
Next in thread: Pavlov: "Re: How to Plug Netbios SSN ( Port TCP/139 ) vulnerability in Windows NT/2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: NetBT Event ID 4311
... " Disable NetBios Over TCP/IP on your NIC properties: ... "morog" wrote: ... Do you have other machines sharing the connection with? ...
(microsoft.public.windowsxp.help_and_support)
Re: closing port 445
... > I see that several services use port 445 in winxp: ... > netbios over tcp/ip, and others. ... > disable netbios over tcp/ip for the internet connection? ... > sasser uses would be closed. ...
(microsoft.public.security.virus)
Re: NAT Security
... You can also disable netbios over tcp/ip in the tcp/ip ... If you don't want to use a personal firewall, ... > Thanks for the great information, I have noticed that the Netbios Port is open and ...
(microsoft.public.win2000.security)
Re: disable netbios - net adapter vs. tcp/ip helper service
... To disable Netbios over TCP/IP on an interface you do it using a radio button on the WINS tab. ... Network Browsing, Network Places, Network Neighborhood (whatever you want to ... > TCP/IP for each client network adapter without any problems, ...
(microsoft.public.windows.server.networking)
Re: Wrong ip address
... Erase all wrong name-to-IP resolution entries in your DNS. ... To do this select "WINS" tab in advanced properties of TCP/IP, ... tab select "Disable NetBIOS over TCP/IP" option. ...
(microsoft.public.windows.server.setup)