Disable NetBIOS in W2K/XP/2003

NetBIOS is an ancient session-level interface and transport protocol developed by IBM to network together PCs. It is a broadcast-based, non-routable and insecure protocol, and it scales poorly mostly because it was designed with a flat namespace. Since the late 1980s Microsoft has adopted NetBIOS for their LAN Manager product, and from there it found its way into early versions of Windows and all the way into Windows NT.

via Disable NetBIOS in W2K/XP/2003.

Works with Windows 7 and got rid of all NBNS traffic for me on a per-interface basis. I have NetBIOS disabled on the wireless interface because wireless should be considered insecure and this NetBIOS traffic likes to broadcast your position to everyone, which IMHO is not good. Run silent, run deep.
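The per-interface switch described above can be scripted instead of clicked through the TCP/IP advanced-properties dialog. The following PowerShell is an added example for this post, not code from the linked article; it assumes an elevated prompt, uses the documented Win32_NetworkAdapterConfiguration class and its SetTcpipNetbios method, and the adapter-name pattern 'Wi-Fi|Wireless' is an assumption you adjust to your own NIC.

```powershell
# Added example (not from the original post): disable NetBIOS over TCP/IP on
# selected interfaces, then read the setting back. Run from an elevated prompt.
# TcpipNetbiosOptions in Win32_NetworkAdapterConfiguration:
#   0 = use the DHCP server's NetBIOS setting (default), 1 = enabled, 2 = disabled.

function Get-NetbiosState {
    # One row per IP-enabled adapter with its current NetBIOS-over-TCP/IP setting.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $nic = $_
            $label = switch ($nic.TcpipNetbiosOptions) {
                0       { 'DhcpDefault' }
                1       { 'Enabled' }
                2       { 'Disabled' }
                default { "Unknown($($nic.TcpipNetbiosOptions))" }
            }
            [pscustomobject]@{ Adapter = $nic.Description; Index = $nic.Index; Netbios = $label }
        }
}

function Disable-NetbiosOnAdapter {
    # Disable NetBIOS over TCP/IP on every IP-enabled adapter whose description
    # matches the pattern (assumed pattern: 'Wi-Fi|Wireless' for the wireless NIC).
    param([Parameter(Mandatory)] [string] $DescriptionPattern)

    $adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.Description -match $DescriptionPattern }

    foreach ($nic in $adapters) {
        # SetTcpipNetbios is the documented WMI method; 2 = disable NetBIOS over TCP/IP.
        $result = Invoke-CimMethod -InputObject $nic -MethodName 'SetTcpipNetbios' `
                                   -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
        # ReturnValue 0 = done, 1 = done but a reboot is required; anything else is an error code.
        [pscustomobject]@{ Adapter = $nic.Description; ReturnValue = $result.ReturnValue }
    }
}

function Disable-NetbiosAllInterfaces {
    # Same setting written straight to the per-interface NetBT keys, which is what
    # the TCP/IP properties dialog stores. Useful in login/GPO scripts; takes effect
    # after the interface is reset or the machine reboots.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    Get-ChildItem -Path $base | Where-Object { $_.PSChildName -like 'Tcpip_*' } | ForEach-Object {
        Set-ItemProperty -Path $_.PSPath -Name 'NetbiosOptions' -Value 2 -Type DWord
        [pscustomobject]@{
            Interface      = $_.PSChildName
            NetbiosOptions = (Get-ItemProperty -Path $_.PSPath -Name 'NetbiosOptions').NetbiosOptions
        }
    }
}

# Usage: show the state, disable on the wireless adapter only, show the state again.
Get-NetbiosState
Disable-NetbiosOnAdapter -DescriptionPattern 'Wi-Fi|Wireless'
Get-NetbiosState
```

Get-NetbiosState is the check to run afterwards: the adapter should read Disabled rather than DhcpDefault, and that is the state in which the NBNS broadcasts stop on that interface. Note that NetBIOS over TCP/IP is only one of Windows' broadcast name-resolution fallbacks; LLMNR is configured separately and is not affected by this setting.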

Flame Malware Hijacks Windows Update Mechanism

According to Symantec’s Security Response team, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing.

“When clients attempt to resolve a computer name on the network, and in particular make WPAD (Web Proxy Auto-Discovery Protocol) requests, Flamer will claim it is the WPAD server and provide a rogue WPAD configuration file (wpad.dat),” Symantec noted. “NetBIOS WPAD hijacking is a well-known technique and many publicly available hack tools have implemented the technique.”

via Flame Malware Hijacks Windows Update Mechanism | SecurityWeek.Com.

This is why automatic Windows updates should always be off. Only update manually when you know your network is secure.

Packetstan: NBNS Spoofing on your way to World Domination

Since the lookup is just a hostname, Windows adds the local DNS suffix to the query and asks its DNS server(s). The suffix picked up by the Windows box usually comes from the DHCP server. As you can see, the DNS server replied that it had no idea how to look up that name. Next, you’ll see the NBNS request. The beautiful thing is, the NBNS request is a broadcast, so anyone can reply easily and redirect traffic.

via Packetstan: NBNS Spoofing on your way to World Domination.

NetBIOS/NBNS

NBNS serves much the same purpose as DNS does: translate human-readable names to IP addresses, e.g. www.wireshark.org to 65.208.228.223. As NetBIOS can run on top of several different network protocols (e.g. IP, IPX, …), other implementations of the NetBIOS services have their own mechanisms for translating NetBIOS names to addresses. NBNS’s services are more limited, in that NetBIOS names exist in a flat name space rather than DNS’s hierarchical one (multiple flat name spaces can exist by using NetBIOS scopes, but those are rarely used), and NBNS can only supply IPv4 addresses; NBNS doesn’t support IPv6.

via NetBIOS/NBNS – The Wireshark Wiki.
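The flat 15-character name plus one-byte service suffix that the Wireshark wiki describes, and the broadcast query that the Packetstan excerpt shows falling out after DNS fails, are both visible in the wire format. The following PowerShell is an added example written for this page, not code from Wireshark, Packetstan or Symantec; it decodes an NBNS name query from raw bytes and flags the names a defender should care about seeing on the wire, with WPAD (the name Symantec describes Flame answering) as the default watch-list entry. The sample packet is constructed inline, and the watch list is an assumption.

```powershell
# Added example (not from the Wireshark wiki, Packetstan or Symantec): decode an
# NBNS name-query packet and flag queries for names that should never be resolved
# over broadcast. Sample bytes below are constructed for this example.

function ConvertFrom-NbnsEncodedName {
    # NetBIOS "first-level" encoding (RFC 1001 section 14.1): each of the 16 name
    # bytes becomes two letters, 'A' + high nibble followed by 'A' + low nibble.
    param([Parameter(Mandatory)] [string] $Encoded)
    if ($Encoded.Length -ne 32) { throw "NBNS names are 32 encoded characters, got $($Encoded.Length)" }
    $raw = New-Object byte[] 16
    for ($i = 0; $i -lt 16; $i++) {
        $hi = [int]$Encoded[2 * $i]     - [int][char]'A'
        $lo = [int]$Encoded[2 * $i + 1] - [int][char]'A'
        if ($hi -lt 0 -or $hi -gt 15 -or $lo -lt 0 -or $lo -gt 15) {
            throw "invalid encoded character at position $(2 * $i)"
        }
        $raw[$i] = [byte](($hi -shl 4) -bor $lo)
    }
    # Bytes 0..14 are the space-padded name (the flat namespace), byte 15 is the
    # service suffix: 0x00 workstation, 0x20 file server, 0x1C domain controllers, ...
    [pscustomobject]@{
        Name   = [System.Text.Encoding]::ASCII.GetString($raw, 0, 15).TrimEnd(' ')
        Suffix = $raw[15]
    }
}

function ConvertFrom-NbnsPacket {
    # NBNS reuses the DNS header: 12 bytes, then the question section with a
    # 0x20 length byte, 32 encoded characters, a 0x00 terminator, type and class.
    param([Parameter(Mandatory)] [byte[]] $Bytes)
    if ($Bytes.Length -lt 50) { throw "packet too short for an NBNS question ($($Bytes.Length) bytes)" }
    if ($Bytes[12] -ne 0x20) { throw ("unexpected name length byte 0x{0:X2}" -f $Bytes[12]) }
    $flags   = ($Bytes[2] -shl 8) -bor $Bytes[3]
    $encoded = [System.Text.Encoding]::ASCII.GetString($Bytes, 13, 32)
    $decoded = ConvertFrom-NbnsEncodedName -Encoded $encoded
    [pscustomobject]@{
        TransactionId = ($Bytes[0] -shl 8) -bor $Bytes[1]
        IsResponse    = ($flags -band 0x8000) -ne 0   # top bit: 0 = query, 1 = response
        IsBroadcast   = ($flags -band 0x0010) -ne 0   # NBNS "B" flag: sent to the broadcast address
        Name          = $decoded.Name
        Suffix        = $decoded.Suffix
        QuestionType  = ($Bytes[46] -shl 8) -bor $Bytes[47]   # 0x0020 = NB (name to address)
    }
}

function Test-NbnsQueryOfInterest {
    # A broadcast query for a name on the watch list is the moment an attacker on
    # the segment can answer in place of the real host. WPAD is the example the
    # Symantec write-up gives; the list itself is an assumption for this example.
    param([Parameter(Mandatory)] $Query, [string[]] $WatchList = @('WPAD'))
    (-not $Query.IsResponse) -and ($WatchList -contains $Query.Name)
}

# Constructed sample: transaction 0x812A, flags 0x0110 (recursion desired + broadcast),
# one question for the name "WPAD" padded with spaces, suffix 0x00, type NB, class IN.
$encodedWpad = 'FHFAEBEE' + ('CA' * 11) + 'AA'
$sampleQuery = [byte[]](
    (0x81, 0x2A, 0x01, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20) +
    [System.Text.Encoding]::ASCII.GetBytes($encodedWpad) +
    (0x00, 0x00, 0x20, 0x00, 0x01))

$query = ConvertFrom-NbnsPacket -Bytes $sampleQuery
$query
Test-NbnsQueryOfInterest -Query $query
```

Decoding the sample yields Name WPAD, Suffix 0, IsBroadcast true and IsResponse false, so Test-NbnsQueryOfInterest returns true. The practical use is on exported packet bytes from a capture taken on a segment where NetBIOS over TCP/IP is supposed to be off: any decoded query at all means some host still has NBNS enabled, and a query whose name is on the watch list is the one worth chasing first.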