As you know, Windows NT uses NetBIOS over TCP/IP for many of the Windows networking functions. Windows NT needs NetBIOS to interact with other Windows systems for everything from WINS name registration/resolution to file and print sharing. One option to would be to turn off NetBIOS over TCP/IP altogether by disabling the protocol binding -- though this will break Microsoft Networking functions. However, if you use one adapter to connect to your ISP and a separate adapter for your internal network, you can disable the binding on your ISP?s adapter only, and still be able to use NetBIOS and Windows networking on your internal network. A second option is to block the NetBIOS ports into and out of your LAN; this is a good security measure in any case. If you use a small office/home office (SOHO) router to connect from your LAN to your ISP, you can configure the router to block outbound NetBIOS packets (TCP and UDP ports 137, 138, and 139. Include port 445 as well if you are running Win2K). This will prevent your Windows network from trying to ?talk? to other Windows networks. It?s also a good idea to block these ports inbound
, so nobody on the outside can connect to your internal Windows network. See your router?s documentation for how to do this. If you don?t have a router, personal firewall software (available for free or cheap -- products such as BlackICE Defender, Zone Alarm, Tiny Firewall?) can also be used to block packets to and from your individual PCs. You would want to block the same ports listed above, both inbound and outbound.
This was first published in June 2001