locked
NetBIOS / SMB Remote Host Information Disclosure RRS feed

  • Question

  • Finding:
    Windows NetBIOS / SMB Remote Host Information Disclosure
    137/udp netbios-ns

    Risk:
    It is possible to obtain the network name of the remote host.
    The remote host listens on UDP port 137 or TCP port 445 and replies to NetBIOS nbtscan or SMB requests. A potential attacker can enumerate remote resources, prior to attempting a compromise.

    Recommendation:
    It is recommended to evaluate the need to allow netbios requests to be acknowledged. This is typically an internal network protocol and in the case of a web server, should be turned off.

    My question is how to disable the netbios requests to be acknowledged yet having the netbios enabled? Through registry or disable netbios completely through interface?



    Saturday, May 26, 2012 4:37 PM

Answers

All replies

  • Hello, 

    I recommend you read below articles to meet your requirements.

     http://www.petri.co.il/disable_netbios_in_w2k_xp_2003.htm

    http://technet.microsoft.com/en-us/library/cc940063.aspx


    Regards, Ravikumar P

    Sunday, May 27, 2012 6:12 AM
  • You might try the following:

    1.) From the Network and Dial-up Connections icon in Control Panel , select Local Area Connection and right-click Properties .
    2.) On the General tab, click Internet Protocol (TCP/IP) in the list of components, and click the Properties button.
    3.) Click the Advanced button.
    4.) Click the WINS tab. Click Disable NetBIOS over TCP/IP.

    See here:

    http://www.admin-enclave.com/en/articles/windows/152-solving-windows-netbios-smb-remote-host-information-disclosure.html

    Monday, February 13, 2017 5:57 PM