Client Firewalls on Domain - What are NETBIOS_DGM and NETBIOS_NS for? Should I be allowing or blocking?
Posted on 2006-06-05
I've got a new AV product that includes a client firewall, and it's automatically closed to everything and you have to enable what you want (this is a good thing!). I'm testing it before I roll it out on my domain and I have a few config questions.
At the moment, there is a tick box that allows you to allow NETBIOS on the local LAN. Looking through the firewall allow logs I can see a lot of entries that have been allowed under this rule:
UDP IN NETBIOS_NS => This comes from a Jet Direct print server, the Exchange server and a Finance package server
UDP IN NETBIOS_DGM => This comes from everywhere: printers (1 in particular shows up every minute), other clients and the DC.
TCP OUT MICROSOFT_DS => To the DC
TCP OUT NETBIOS_SESSION => To the DC
Should I have this rule set to allow? And why are there so many things using NETBIOS_DGM (especially a printer sending UDP packets out all the time)?
I'm afraid I don't know too much about NETBIOS, so any advice would be great. I've put this at 500 points due to the detail I'm likely to need.