Ask the Expert

Blocking NT NetBios name queries

I'm running NT Workstation 4.0 and I log into a private www-based BBS. I am connected to the Internet through a DSL RAS connection, and I also have a small ethernet LAN that is based on Microsoft Networking. Recently the sysop sent email asking me why he was getting probed on port 137. After some research, we discovered that port 137 is used by Microsoft Networking for NetBios name requests. My question is this: How do you stop NT from making NetBios name queries when you make a simple HTTP request?
As you know, Windows NT uses NetBIOS over TCP/IP for many of the Windows networking functions. Windows NT needs NetBIOS to interact with other Windows systems for everything from WINS name registration/resolution to file and print sharing. One option would be to turn off NetBIOS over TCP/IP altogether by disabling the protocol binding -- though this will break Microsoft Networking functions. However, if you use one adapter to connect to your ISP and a separate adapter for your internal network, you can disable the binding on your ISP's adapter only, and still be able to use NetBIOS and Windows networking on your internal network.

A second option is to block the NetBIOS ports into and out of your LAN; this is a good security measure in any case. If you use a small office/home office (SOHO) router to connect from your LAN to your ISP, you can configure the router to block outbound NetBIOS packets (TCP and UDP ports 137, 138, and 139. Include port 445 as well if you are running Win2K). This will prevent your Windows network from trying to "talk" to other Windows networks. It's also a good idea to block these ports inbound, so nobody on the outside can connect to your internal Windows network. See your router's documentation for how to do this.

If you don't have a router, personal firewall software (available for free or cheap -- products such as BlackICE Defender, Zone Alarm, Tiny Firewall...) can also be used to block packets to and from your individual PCs. You would want to block the same ports listed above, both inbound and outbound.
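
The filtering policy described in the answer, written out as an added example (not part of the original column) that can be run over flow or firewall log records to confirm nothing on the NetBIOS ports crosses the LAN boundary. The subnet `192.168.1.0/24`, the `(protocol, source, destination, destination port)` record layout and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the answer: 137, 138 and 139, plus 445 for Win2K.
NETBIOS_PORTS = {137, 138, 139, 445}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal subnet


def verdict(flow, lan=LAN):
    """Return 'allow', 'block-outbound' or 'block-inbound' for one flow.

    A flow is (protocol, source IP, destination IP, destination port).
    Matching on destination port only is a simplification of this example.
    """
    proto, src, dst, dport = flow
    if proto not in ("tcp", "udp") or dport not in NETBIOS_PORTS:
        return "allow"
    src_inside = ipaddress.ip_address(src) in lan
    dst_inside = ipaddress.ip_address(dst) in lan
    if src_inside == dst_inside:
        # Both ends inside the LAN (including the subnet broadcast address):
        # internal Windows networking keeps working.
        return "allow"
    return "block-outbound" if src_inside else "block-inbound"


def audit(flows, lan=LAN):
    """List every flow the policy would block, with its verdict."""
    results = ((flow, verdict(flow, lan)) for flow in flows)
    return [(flow, v) for flow, v in results if v != "allow"]


# Constructed sample flows (documentation-range external addresses).
SAMPLE_FLOWS = [
    ("tcp", "192.168.1.10", "203.0.113.80", 80),    # the HTTP request itself
    ("udp", "192.168.1.10", "203.0.113.80", 137),   # name query to the same host
    ("udp", "192.168.1.10", "192.168.1.255", 137),  # LAN broadcast name query
    ("tcp", "198.51.100.7", "192.168.1.10", 139),   # outside host to LAN session port
    ("tcp", "192.168.1.11", "192.168.1.10", 445),   # LAN-internal file sharing
]

if __name__ == "__main__":
    for flow, v in audit(SAMPLE_FLOWS):
        print(v, flow)
```
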
 

This was first published in June 2001
