Q

Blocking NT NetBios name queries

I'm running NT Workstation 4.0 and I log into a private www-based BBS. I am connected to the Internet through a DSL RAS connection, and I also have a small ethernet LAN that is based on Microsoft Networking. Recently the sysop sent email asking me why he was getting probed on port 137. After some research, we discovered that port 137 is used by Microsoft Networking for NetBios name requests. My question is this: How do you stop NT from...

making NetBios name queries when you make a simple HTTP request? As you know, Windows NT uses NetBIOS over TCP/IP for many of the Windows networking functions. Windows NT needs NetBIOS to interact with other Windows systems for everything from WINS name registration/resolution to file and print sharing. One option to would be to turn off NetBIOS over TCP/IP altogether by disabling the protocol binding -- though this will break Microsoft Networking functions. However, if you use one adapter to connect to your ISP and a separate adapter for your internal network, you can disable the binding on your ISP?s adapter only, and still be able to use NetBIOS and Windows networking on your internal network.

A second option is to block the NetBIOS ports into and out of your LAN; this is a good security measure in any case. If you use a small office/home office (SOHO) router to connect from your LAN to your ISP, you can configure the router to block outbound NetBIOS packets (TCP and UDP ports 137, 138, and 139. Include port 445 as well if you are running Win2K). This will prevent your Windows network from trying to ?talk? to other Windows networks. It?s also a good idea to block these ports inbound, so nobody on the outside can connect to your internal Windows network. See your router?s documentation for how to do this.

If you don?t have a router, personal firewall software (available for free or cheap -- products such as BlackICE Defender, Zone Alarm, Tiny Firewall?) can also be used to block packets to and from your individual PCs. You would want to block the same ports listed above, both inbound and outbound.
 

This was first published in June 2001

Dig deeper on Network Security Monitoring and Analysis

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close