Re: Effect of NetBIOS Over TCP on File Sharing

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/28/05


Date: Wed, 28 Sep 2005 00:21:51 -0500

If you disable NBT your computer will no longer use ports 139 TCP, 137 UDP,
and 138 UDP. You will see that if you do a before and after using the
command netstat -an. My Network Places will no longer show computers and
network shares via the browse list, WINS will not be used if the computer is
a WINS client, and yes, file and print sharing access will use only port 445
TCP.

In my opinion disabling NBT would have little impact on improving network
security other than creating some obscurity. There are much more important
things to do in the list of securing a network, with enabling password
complexity and enforcing strong passwords being on top of the list and
taking advantage of technologies such as IPsec to secure sensitive servers
and data. NBT vulnerabilities got a lot of attention when the Hacking
Exposed type books started showing up and showed how easy it was to
enumerate and log on to a network using NBT when it was NOT protected by a
firewall and weak or no passwords were used. The link below may be of
interest about NBT. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;299977

"Will" <westes-usc@noemail.nospam> wrote in message
news:%23%23Exui%23wFHA.3588@tk2msftngp13.phx.gbl...
> If NetBIOS over TCP is turned off on a workstation, will port 137 the
> NetBIOS Name Service be used at all?
>
> If NetBIOS over TCP is turned off, will file sharing from servers located
> through Active Directory take place only on port 445?
>
> Aside from making it impossible to do file sharing with older servers,
> will the use of port 445 for file sharing give any greater level of
> security than using ports 138 and 139?
>
> --
> Will
>
>
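
The before-and-after `netstat -an` comparison suggested in the reply, as an added example that is not part of the original post: it parses two captures and reports which NBT ports stopped listening and whether 445 TCP is still open. The function names and both sample captures are constructed for illustration.

```python
import re

# Ports from the reply above: NBT uses 139/TCP, 137/UDP and 138/UDP;
# with NBT disabled, file and print sharing uses only 445/TCP.
NBT_PORTS = {("TCP", 139), ("UDP", 137), ("UDP", 138)}
SMB_DIRECT = ("TCP", 445)

# Windows "netstat -an" row: Proto, Local Address, Foreign Address, [State]
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def local_listeners(netstat_text):
    """Return {(proto, port)} for listening TCP and bound UDP local sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # an outbound session is not a local service
        found.add((proto, int(port)))
    return found

def nbt_change(before_text, after_text):
    """Compare two captures and report what happened to the NBT ports."""
    before, after = local_listeners(before_text), local_listeners(after_text)
    return {
        "nbt_before": sorted(before & NBT_PORTS),
        "nbt_after": sorted(after & NBT_PORTS),
        "closed": sorted(before - after),
        "smb_445_after": SMB_DIRECT in after,
    }

# Constructed sample captures (not from the original post).
BEFORE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:139       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""
AFTER = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1046      192.168.1.20:445       ESTABLISHED
"""
```

Only listening TCP sockets and bound UDP sockets are counted, so an outbound session to another machine's port 139 or 445 does not show up as a local service.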


