Security Basics mailing list archives

Re: Blocking NetBios


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 11 Jun 2004 03:08:53 +0200

On 2004-06-10 Kareem Mahgoub wrote:
> I have a request from one of our clients to block NetBios in their
> Network (No one should be able to see the shared resources of others)

Not sure if I understand this correctly. If no one should see the shared
resources, then why are they sharing them? Should only selected
computers be able to access a resource? Or do they want to prevent
computers administrated by third parties from sharing resources?

> I have googled around and all I have found is blocking it on the
> edge communication equipment (router, xDSL modems, etc.), which will be
> done. The most important thing is to disable it internally (inside
> the LAN). Any suggestions???

Is invisibility of the shares sufficient or should (blind) access also
be prevented? The former can easily be achieved by appending a "$" to
the share's name (WHATEVER$ instead of WHATEVER). For the latter you
will have to use managed switches to block traffic at least from and to
ports 137-139 (both TCP and UDP). For Direct SMB you will have to block
port 445 as well. Another option may be setting file- and/or share-ACLs
on each computer appropriately.

What exactly are they trying to accomplish, if I might ask?

Regards
Ansgar Wiechers
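
An added example, not part of the original message: a small checker that reads a switch ACL and reports which of the ports named above (137-139 on TCP and UDP, plus 445) are still not denied. The rule syntax (`deny tcp 137-139`), the first-match evaluation, the default action and the sample ACLs are assumptions constructed for illustration, not any vendor's format.

```python
"""Find gaps in NetBIOS/SMB blocking in a simplified first-match ACL."""

# Ports from the message: 137-139 on both TCP and UDP.
REQUIRED = {(proto, port) for proto in ("tcp", "udp") for port in (137, 138, 139)}
# Direct SMB: the message names port 445 only; TCP is assumed here.
REQUIRED.add(("tcp", 445))


def parse_rule(line):
    """Parse 'deny tcp 137-139' or 'permit udp 53' (hypothetical syntax)."""
    action, proto, ports = line.split()
    if action not in ("permit", "deny") or proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported rule: {line!r}")
    low, _, high = ports.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return action, proto, low, high


def unblocked(acl_text, default="permit"):
    """Return the required (proto, port) pairs that the ACL does not deny.

    The first matching rule wins; traffic matching no rule gets `default`.
    """
    rules = [parse_rule(line) for line in acl_text.splitlines()
             if line.strip() and not line.lstrip().startswith("#")]
    gaps = []
    for proto, port in sorted(REQUIRED):
        verdict = default
        for action, r_proto, low, high in rules:
            if r_proto == proto and low <= port <= high:
                verdict = action
                break
        if verdict != "deny":
            gaps.append((proto, port))
    return gaps


# Constructed sample: UDP is forgotten, and an early permit shadows the
# later deny for TCP 445.
INCOMPLETE_ACL = "deny tcp 139\npermit tcp 445\ndeny tcp 1-1023\n"
# Constructed sample covering everything the message lists.
COMPLETE_ACL = "deny tcp 137-139\ndeny udp 137-139\ndeny tcp 445\n"

if __name__ == "__main__":
    for name, acl in (("incomplete", INCOMPLETE_ACL), ("complete", COMPLETE_ACL)):
        print(name, unblocked(acl))
```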
