Solved

NetBIOS over TCP/IP Question

Posted on 2003-11-22
6
225 Views
Last Modified: 2013-12-04
I've read an awful lot about how TCP/IP is a bad thing.  However, I haven't been able to find a definitive answer regarding how disabling TCP/IP over a mixed network will affect the network (if any).

For example, if I have a linux / Windows 2000 / Win NT network.

0
Comment
Question by:KABOOM
6 Comments
 

Author Comment

by:KABOOM
ID: 9807612
Hmm, I realize how stupid this question sounds.  Let me re-state my question:

I've read an awful lot about how enabling NetBIOS TCP/IP is a bad thing.  However, I haven't been able to find a definitive answer regarding how disabling NetBIOS over TCP/IP over a mixed network will affect the network (if any).

For example, if I have a linux / Windows 2000 / Win NT network.
Basically, how crucial is netbios to networking?

Sorry about the question.  I'll do a better job of proofreading
0
 
LVL 13

Accepted Solution

by:
ocon827679 earned 25 total points
ID: 9811537
NetBIOS is a requirement of Windows operating systems before W2K.  All naming in pre-W2K Windows OS's was done with NetBIOS.  If you have per-W2K windows OS's then you would want to keep NetBIOS around in order for this OS's to use Windows network resources.  Once you get rid of your NT and bring everything to W2K or later you can try turning NetBIOS off.  However, some applications are NetBIOS enabled and you may not have a chioce but to keep NetBIOS for a while.
0
 
LVL 24

Assisted Solution

by:SunBow
SunBow earned 25 total points
ID: 9812012
Agreed.

NetBios comes from earlier NetOS's for computers to access each other on a LAN by using their computer name, not address. It is not meant at all for internet, never was, it should be non-routable, but that is what NetBios over TCP tries to do. This can permit a user to access a remote printer that is attached to a Windows machine in some far away place. The benefit, whatever that is, is superceded by the security problems incurred.

KABOOM> Basically, how crucial is netbios to networking?

MS> Port Requirements for the Microsoft Windows Server System
MS> http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

I count 27 uses in the table for "NetBIOS Name Resolution" for even Server 2003, including the SMS server that is required to perform the updates for the vulnerabilities to which you infer.

KABOOM> find a definitive answer regarding how disabling NetBIOS over TCP/IP over a mixed network will affect the network (if any).

MS> http://www.microsoft.com/security/incident/blast.asp
MS> 1. Enable a Firewall

The common approach these days is to run a personal firewall, usually a ZoneAlarm, Sygate, or BlackIce (user preferred in that order) to block NetBios transmissions by its port #'s, especially towards the internet facing/front, yet leave a possibility for opening the port only for specifically approved addresses.

Answer: NetBios still provides crucial functions for MS SW, but it's implementation should be managed by firewalling the resources that use it.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now