Solved

NetBIOS traffic (internal) Firewall rules

Posted on 2006-07-20
Last Modified: 2013-11-16
I've looked up the NetBIOS ports and what is used.  I've read through the RFCs, but I haven't been able to determine directionality.  Here is the general idea for what I am looking for.  If someone can provide all minimal firewall rules necessary for NetBIOS traffic to function, it would be greatly appreciated.  I am looking for traffic between workstation and server.

Thanks

Awakenings

Question by:awakenings
Accepted Solution

by:rsivanandan
rsivanandan earned 350 total points
For the most part:

Ports 135, 137-139 and 445 (both UDP and TCP)

Allow them and it should be okay.

Cheers,
Rajesh

Author Comment

by:awakenings
Rajesh,

     But do I need them bidirectionally?  Can I minimize them for only outbound from workstation to server?  The ports are listed in ARIN and I can see the information you just provided.  I am looking for the minimum requirement between workstation and server.  What I am looking for is this:

Workstation tcp 135 outbound server
Workstation udp 135 bidirectional server
Workstation tcp 137 outbound server.
etc.


    If you can provide this, it would be greatly appreciated.


Awakenings
Assisted Solution

by:rsivanandan
rsivanandan earned 350 total points
Except for 135 (WINS I believe), all should be enabled towards the server.

Cheers,
Rajesh
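
Added example (not from the thread or its participants): a small model of a stateful, default-deny filter that shows how the direction question plays out for the ports listed above. The host labels, the rule set with its directions, and the sample flows are assumptions constructed for illustration; RPC services that the TCP 135 endpoint mapper refers clients to listen on dynamically assigned ports, which this model does not cover.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto sport dport")
WS, SRV = "workstation", "server"  # hypothetical host labels

# Assumed policy: (initiator, responder, protocol, destination port).
# Only the side that opens a conversation needs a rule; replies ride on state.
RULES = {
    (WS, SRV, "tcp", 135),  # RPC endpoint mapper
    (WS, SRV, "udp", 137),  # NetBIOS name service
    (WS, SRV, "udp", 138),  # NetBIOS datagram service
    (SRV, WS, "udp", 138),  # datagrams are unsolicited, so this side needs its own rule
    (WS, SRV, "tcp", 139),  # NetBIOS session service
    (WS, SRV, "tcp", 445),  # SMB directly over TCP
}


class StatefulFilter:
    """Default-deny filter that tracks allowed flows by 5-tuple."""

    def __init__(self, rules):
        self.rules = set(rules)
        self.tracked = set()

    def check(self, flow):
        # A packet is a reply if its mirrored 5-tuple was allowed earlier.
        mirrored = Flow(flow.dst, flow.src, flow.proto, flow.dport, flow.sport)
        if mirrored in self.tracked:
            return "allow-reply"
        if (flow.src, flow.dst, flow.proto, flow.dport) in self.rules:
            self.tracked.add(flow)
            return "allow-new"
        return "drop"


def evaluate(flows, rules=RULES):
    """Run flows through a fresh filter in order and return the verdicts."""
    fw = StatefulFilter(rules)
    return [fw.check(f) for f in flows]


# Constructed sample traffic, in arrival order.
SAMPLE = [
    Flow(WS, SRV, "tcp", 49200, 445),  # workstation opens an SMB session
    Flow(SRV, WS, "tcp", 445, 49200),  # server answers on the tracked flow
    Flow(SRV, WS, "tcp", 445, 49999),  # "reply" with no matching session
    Flow(SRV, WS, "tcp", 49300, 445),  # server tries to initiate to the workstation
    Flow(WS, SRV, "udp", 137, 137),    # name query
    Flow(SRV, WS, "udp", 137, 137),    # name query response
    Flow(SRV, WS, "udp", 138, 138),    # unsolicited datagram from the server
]
```

Removing the `(SRV, WS, "udp", 138)` entry turns the last sample flow into a drop, which is the only place in this model where a server-to-workstation rule is needed.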
Assisted Solution

by:nttranbao
nttranbao earned 150 total points
Reference about the NETBIOS port security

http://www.nacs.uci.edu/security/netbios.html#what
Expert Comment

by:rsivanandan
Thanks for the points, I hope you got the situation under control?

Cheers,
Rajesh

Author Comment

by:awakenings
Rajesh,

    Yes.  It took a lot of research and analysis of existing rules to determine how things are supposed to be set up.

Awakenings
Expert Comment

by:rsivanandan
Ok. cool. One time job, pays off for future too :-)

Cheers,
Rajesh