NetBIOS / SMB Remote Host Information Disclosure


  • Finding:
    Windows NetBIOS / SMB Remote Host Information Disclosure
    137/udp netbios-ns

    It is possible to obtain the network name of the remote host.
    The remote host listens on UDP port 137 or TCP port 445 and replies to NetBIOS nbtscan or SMB requests. A potential attacker can enumerate remote resources, prior to attempting a compromise.

    It is recommended to evaluate the need to allow NetBIOS requests to be acknowledged. This is typically an internal network protocol and, in the case of a web server, should be turned off.

    My question is: how do I stop NetBIOS requests from being acknowledged while still keeping NetBIOS enabled? Through the registry, or by disabling NetBIOS completely through the interface?

    Saturday, May 26, 2012 4:37 PM
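
The two approaches the question contrasts, as an added example that is not part of the original thread: report each adapter's NetBIOS over TCP/IP setting, then either filter the inbound ports at the host firewall while leaving NetBIOS enabled, or disable NetBIOS over TCP/IP on chosen adapters. It assumes PowerShell 3.0 or later with the NetSecurity module (Windows 8 / Server 2012 and newer) and an elevated session; the function names and rule display names are illustrative.

```powershell
# Added example, not from the original post. Function and rule names are hypothetical.
# TcpipNetbiosOptions: 0 = use DHCP-supplied setting, 1 = enabled, 2 = disabled.
function Get-NetbiosExposure {
    $labels = @{ 0 = 'Default (DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Index       = $_.Index
                Adapter     = $_.Description
                IPAddress   = ($_.IPAddress -join ', ')
                NetbiosMode = $labels[[int]$_.TcpipNetbiosOptions]
            }
        }
}

# Option A: keep NetBIOS enabled, but drop inbound UDP 137 and TCP 445 on the
# externally facing interface only, so internal interfaces are unaffected.
function Block-NetbiosInbound {
    param([Parameter(Mandatory)][string]$InterfaceAlias)
    New-NetFirewallRule -DisplayName 'Example: block inbound NetBIOS-NS' `
        -Direction Inbound -Protocol UDP -LocalPort 137 `
        -InterfaceAlias $InterfaceAlias -Action Block
    New-NetFirewallRule -DisplayName 'Example: block inbound SMB' `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -InterfaceAlias $InterfaceAlias -Action Block
}

# Option B: disable NetBIOS over TCP/IP on selected adapters (the same setting as
# the WINS tab in the adapter's advanced TCP/IP properties). This stops UDP 137
# replies on those adapters; it does not close TCP 445, which is direct-hosted SMB.
function Disable-NetbiosOverTcpip {
    param([Parameter(Mandatory)][uint32[]]$Index)
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $Index -contains $_.Index } |
        ForEach-Object {
            $result = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
            # ReturnValue 0 = success, 1 = success but a reboot is required.
            [pscustomobject]@{ Adapter = $_.Description; ReturnValue = $result.ReturnValue }
        }
}

# Review the current state first; apply Option A or B only after checking the output.
Get-NetbiosExposure | Format-Table -AutoSize
```

Re-running the scan from outside the host afterwards confirms whether UDP 137 and TCP 445 still answer.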


All replies