
Zivleton
I know how to hack (if u can call it hacking) NetBios, so I thought I'd scan my friend, see if he's running port 139, and he is, lol...
now I don't want him to be hacked, and he asked me how to be safe from NetBios hacking, and frankly, I dunno..hehe
Can anyone tell me how?

Thanks very much,

-Zivlet-
Zivleton
Nevermind, figured it out...
If anyone still wants to disable it, go to control panel, internet connection, right click on the chosen internet connection and then properties.
Then go to Networking and uncheck the box that has "file and printer sharing" next to it.
That's all.

-Zivlet-
akis
I think that maybe he should disable netbios when he connects to the internet if that's the problem.
blackP0ster
there are 3 possibilities (i know):

- install a firewall
- open dos prompt: "net share" (shows all shares on local)
  -> "net share ADMIN$ /DELETE" (deletes the admin share so it's impossible to connect to the system with system privileges, with pwd and username)
- simply stop net-bios-service!


so long

black
B3T4
yeah, u can disable netbios in the tcp-ip advanced options of ur internet connection

btw, blackp0ster. After reboot the shares are set back to enabled
vnet576
The simplest solution is always the best one...use a good password. Then nobody can hack your computer using netbios. A password like this (34jEDSF2334d) is virtually uncrackable.
KoNh
Good choice is also getting a router then add a
firewall prog'y should be 'nugh fer home user...
ikkyu
There is a bit more to your problem than meets the eye. I suggest a firewall of some sort; here is the reason: if 139 is open then it exposes an RPC (remote procedure call) interface to the world. Remote procedure calls are just what they sound like, a way to trigger some action on a remote machine, like "send me a file" or "authenticate me". The long and short of it is M$ has not given us a way to turn off tcp 139 or 445 and this will always leave you open to attack no matter how many patches they put out. Put a hardened something or other in between this box and the world, I cannot stress this enough.
yuliang11
yeap. firewall and strong password are enough. but if u are using win95, 98, me, i suggest u block all the netbios ports cuz the share password for those can be cracked easily. if u are using XP or later, it comes with a built-in firewall for netbios.
krackatoa
Assuming you don't have a firewall, and don't want to use a freebie like zone alarm, then shut down port 139 as specified elsewhere, then shut down 445 per below.

MS has a KB article on how to really disable netbios which includes how to shut down port 445 as well as 139.

Do a search. For 445, it involves device manager, show hidden devices, then non-plug and play drivers, then disable netbios over tcp\ip.

For 139, in XP network properties, advanced tab, wins--disable netbios over tcp\ip

To shut down port 135 without problems is much harder
Deadlocked
In my own case, I'd rather disable it, 'coz I know I won't use it... another thing to do if you don't (want to disable it) is restricting the anonymous user... this way, you can forget about messing around with the null session matters...
In win registry:

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous

Default value : 0
Recommended for win2k/XP/2k3 : 2
NT boxes : 1

Another way should be deleting the shares with net command as it was explained in a post above.

Changing the pass to a harder one does not seem to be the right way, at least, for me... 'coz if u don't need to offer the service it is a BIG mistake to keep it open. And I'm sure I'm not the only one with this opinion. ^^


PS: Don't forget that using a fw is a nice option too, but, again, it's still better to close the unwanted service. ;P

salu2
babaton
If you disable Netbios is it on selected network connections?

Can I disable it on my net connection but leave it active on my home network connection?
krackatoa
Yes but not port 445 smb over tcp/ip as far as I know, that one is all or nothing since it's done in device manager.

If you leave 445 open then it doesn't matter if you shut down 139 it will go through 445

You can also do port filtering in tcp\ip advanced properties.
Other things: shut down server and workstation service
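
A read-only check of the settings named across the posts above (ports 135/139/445, NetBIOS over TCP/IP per connection, the file and printer sharing binding, `restrictanonymous`, the shares, and the Server and Workstation services). This is an added example, not written by any poster in the thread; it assumes Windows 8 / Server 2012 or later and an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection, Get-SmbShare,
# Get-NetAdapterBinding); run from an elevated PowerShell prompt.

$ports = 135, 139, 445   # RPC endpoint mapper, NetBIOS session, SMB over TCP

# 1. Listening sockets on the ports named in the thread, with bind address.
$listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort })
$listening | Sort-Object LocalPort, LocalAddress |
    Format-Table LocalAddress, LocalPort, OwningProcess -AutoSize

# Closing 139 alone is not enough while 445 still listens.
$open = $listening.LocalPort | Sort-Object -Unique
if (($open -contains 445) -and ($open -notcontains 139)) {
    Write-Warning 'Port 139 is closed but 445 is still listening: SMB remains reachable.'
}

# 2. NetBIOS over TCP/IP per adapter (the WINS tab setting).
#    TcpipNetbiosOptions: 0 = take from DHCP, 1 = enabled, 2 = disabled.
$nbtState = @{ 0 = 'Default (DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ Name = 'NetBIOSoverTCPIP'
           Expression = { $nbtState[[int]$_.TcpipNetbiosOptions] } } |
    Format-Table -AutoSize

# 3. "File and Printer Sharing for Microsoft Networks" binding per connection.
Get-NetAdapterBinding -ComponentID ms_server |
    Format-Table Name, DisplayName, Enabled -AutoSize

# 4. Anonymous (null session) restriction value from the registry.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"RestrictAnonymous = $($lsa.RestrictAnonymous)"

# 5. Current shares; Special = True marks ADMIN$, C$, IPC$ and similar.
#    Re-run after a reboot to see whether deleted admin shares have returned.
Get-SmbShare | Format-Table Name, Path, Special -AutoSize

# 6. Server and Workstation services.
Get-Service -Name LanmanServer, LanmanWorkstation |
    Format-Table Name, Status, StartType -AutoSize
```

The script changes nothing; section 3 answers the per-connection question directly, since the binding is listed once per network connection.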
