
Blocking NT NetBios name queries

I'm running NT Workstation 4.0 and I log into a private www-based BBS. I am connected to the Internet through a DSL RAS connection, and I also have a small ethernet LAN that is based on Microsoft Networking. Recently the sysop sent email asking me why he was getting probed on port 137. After some research, we discovered that port 137 is used by Microsoft Networking for NetBios name requests. My question is this: How do you stop NT from making NetBios name queries when you make a simple HTTP request?

As you know, Windows NT uses NetBIOS over TCP/IP for many of the Windows networking functions. Windows NT needs NetBIOS to interact with other Windows systems for everything from WINS name registration/resolution to file and print sharing. One option would be to turn off NetBIOS over TCP/IP altogether by disabling the protocol binding -- though this will break Microsoft Networking functions. However, if you use one adapter to connect to your ISP and a separate adapter for your internal network, you can disable the binding on your ISP's adapter only, and still be able to use NetBIOS and Windows networking on your internal network.

A second option is to block the NetBIOS ports into and out of your LAN; this is a good security measure in any case. If you use a small office/home office (SOHO) router to connect from your LAN to your ISP, you can configure the router to block outbound NetBIOS packets (TCP and UDP ports 137, 138, and 139. Include port 445 as well if you are running Win2K). This will prevent your Windows network from trying to "talk" to other Windows networks. It's also a good idea to block these ports inbound, so nobody on the outside can connect to your internal Windows network. See your router's documentation for how to do this.

If you don't have a router, personal firewall software (available for free or cheap -- products such as BlackICE Defender, Zone Alarm, Tiny Firewall...) can also be used to block packets to and from your individual PCs. You would want to block the same ports listed above, both inbound and outbound.

This was last published in June 2001
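
One way to check that the blocking described in the answer is actually working is to scan a connection log for NetBIOS traffic that crosses the LAN boundary. The Python below is an added example, not part of the original answer; the log line format, the sample flows and the assumption that the LAN uses RFC 1918 addresses are all constructed for illustration.

```python
import ipaddress

# Ports named in the answer: 137, 138, 139 (TCP and UDP), plus 445 for Win2K.
NETBIOS_PORTS = {137, 138, 139, 445}

# Assumption: the internal LAN uses RFC 1918 private addresses.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows in a hypothetical "PROTO SRC:PORT -> DST:PORT" format.
SAMPLE_FLOWS = [
    "TCP 192.168.1.10:1042 -> 203.0.113.5:80",    # the HTTP request itself
    "UDP 192.168.1.10:137 -> 203.0.113.5:137",    # name query sent to the web server
    "UDP 192.168.1.10:137 -> 192.168.1.255:137",  # LAN broadcast, expected
    "TCP 198.51.100.7:3321 -> 192.168.1.10:139",  # outside host reaching a LAN PC
    "TCP 192.168.1.11:1050 -> 192.168.1.10:445",  # LAN file sharing, expected
]


def is_lan(addr):
    """True if addr falls inside one of the assumed LAN networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def find_leaks(lines):
    """Return (direction, line) for NetBIOS flows that cross the LAN boundary."""
    leaks = []
    for line in lines:
        proto, src, _arrow, dst = line.split()
        src_ip = src.rsplit(":", 1)[0]
        dst_ip, dst_port = dst.rsplit(":", 1)
        if proto.upper() not in ("TCP", "UDP") or int(dst_port) not in NETBIOS_PORTS:
            continue
        src_in, dst_in = is_lan(src_ip), is_lan(dst_ip)
        if src_in and not dst_in:
            leaks.append(("outbound", line))
        elif dst_in and not src_in:
            leaks.append(("inbound", line))
        # LAN-to-LAN NetBIOS is left alone so Windows networking keeps working.
    return leaks


if __name__ == "__main__":
    for direction, line in find_leaks(SAMPLE_FLOWS):
        print(f"{direction:8} {line}")
```

Any line this reports after the router or personal firewall rules are in place means one of the listed ports is still open in that direction.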
