?
Solved

Client Firewalls on Domain - What is NETBIOS_DGM and NETBIOS_NS for? Should i be allowing or blocking?

Posted on 2006-06-05
5
Medium Priority
?
1,490 Views
Last Modified: 2013-11-16
Hi,

I've got a new AV product that includes an client firewall and it's automatically closed to everything and you have to enable what you want (this is a good thing!), I'm testing it before i roll it out on my domain and i have a few config questions.

At the moment, there is a tick box that allows you to allow NETBIOS on the local LAN. Looking through the firewall allow logs i can see a lot of entrys for that have been allowed under this rule:

UDP IN NETBIOS_NS => this comes from a Jet Direct print server, the exchange server and a Finance package server
UDP IN NETBIOS_DGM => This comes from everywhere printers (1 in partciular shows up every minute), other clients and the DC.
TCP OUT MICROSOFT_DS => To the DC
TCP OUT NETBIOS_SESSION => To the DC

Should i have this rule set to allow? And why are there so many things using NETBIOS_DGM (especially a printer sending UDP packets out all the time)?

I'm afraid i don't know too much about NETBIOS, so any advice would be great. I've put this at 500 points due to the detail i'm likely to need.

Thanks
0
Comment
Question by:Encams
3 Comments
 

Author Comment

by:Encams
ID: 16833023
Just a note - that printer is sending out UDP packets every 30 seconds!?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1000 total points
ID: 16834834
NETBIOS_DGM = Datagram Service udp port 138
NETBIOS_NS    = Name Service      udp port 137

Ports 135 - 139 & 445 are used for file & printer sharing, MS logons, and other good stuff.

I would certainly block it on my firewall except to pass through a VPN

0
 
LVL 8

Assisted Solution

by:charan_jeetsingh
charan_jeetsingh earned 1000 total points
ID: 16841493
hi there....

just go through this link and see what is erq by you and accordingly u can block.....

http://en.wikipedia.org/wiki/List_of_well-known_ports_(computing)

http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

Cj
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses
Course of the Month16 days, 3 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question