HybrdFusioNZ 0 Posted August 23, 2003 I was looking for some instructions to enable filesharing with two computers running on Win XP Pro, with a Linksys BEFSR41 router, and found some here Now I got sharing up and running but when I was assigning the names for the computers, I remember seeing something about a NetBIOS computer name. Now this is worrying me a lot because I remember reading about how vulnerable NetBIOS networks are especially when passwords are not being used [i did not set any passwords, I'm not quite sure how to do this for the network]. I also saw some NetBIOS settings: Default [selected right now], Enable NetBIOS over TCP/IP and disabling NetBIOS over TCP/IP. I tried disabling it but I couldn't share files anymore just like I thought would happen. I remember reading that I can increase security on NetBIOS by using Scope IDs. Anyone tell me how to do this? Another thing: I disabled simple filesharing so I can set permissions for shared folders. However, when I tried adding a new user/group it only searches my computer for the particular user/group. When I went into the Location Window, I only can see my own computer and not my other one as well. Same thing happens the other way around. Is there a way for me to select the other computer in searching users for the sharing permissions? [i'm able to see the other computer in the workgroup and access their shared files right now, but I want put a limitation since "Everyone" can access the files] Share this post Link to post
sapiens74 0 Posted August 23, 2003 Block NetBios Port numbers at your router. THen it cannot leave you network Share this post Link to post
HybrdFusioNZ 0 Posted August 24, 2003 Quote: Block NetBios Port numbers at your router. THen it cannot leave you network I'm sorry but can you provide a step by step explaination? Thanks! Share this post Link to post
sapiens74 0 Posted August 24, 2003 Sure, ON your router when you type in 192.168.1.1 in your web browser it should take you to your start page to configure your router. Click on the tab in the upper right that says advanced This should take you to the Filters page by Default You will see halfway down a Filtered Private Port Range: with settings 1-5 I believe Netbios uses 137-139 so you would set it under the first tab at both. You actually get a chioce between Both, TCP, or UDP Then in the first box for the range put 137 Then in the second box put 139 Then hit Apply at the bottom of the page That will then filter out all Traffic for ports 137-139, which NetBios uses. Share this post Link to post
sapiens74 0 Posted August 24, 2003 There may be more then those ports needed to completely block all NetBios traffic, but you add them the same way. Hope that helps Share this post Link to post
HybrdFusioNZ 0 Posted August 24, 2003 Thanks! Now my next question is: Does anyone else know the other ports needed to completely block all NetBios traffic? Share this post Link to post
jmmijo 1 Posted August 24, 2003 I've got that same router and have not blocked those ports. Seems to me that it's done automatically in that I've not seen anything to indicate that somebody on the WAN side of things can see any of my internal boxes. The fact that you're using, like I am, internal non-routable IP addresses would preclude any of this getting outbound or outside of the router Share this post Link to post
sapiens74 0 Posted August 25, 2003 There are 2 ways to approch security To assume it's safe and to make sure it is Blocking ports assures it doesn't get through especially when someone is spoofing known internal IP addresses. Share this post Link to post
Daniac 0 Posted August 25, 2003 Quote: Thanks! Now my next question is: Does anyone else know the other ports needed to completely block all NetBios traffic? Make sure you close ports 135-139 = NETBIOS and port 445 = Active Directory Services. Either one of the above mentioned is frequently used by viruses and hackers. A simple NET USE command will get a connection on port 139 if it is open to the outside world. Share this post Link to post
jmmijo 1 Posted August 25, 2003 Ah, this is all good info, thanks I just entered these ports into my Linksys router as well Share this post Link to post
ReadError 0 Posted August 25, 2003 Since nobody is "supposed" to connect to you between ports 111 and 1023, why not block all those? Share this post Link to post
jmmijo 1 Posted August 25, 2003 But if you don't use VPN or any kind of SSL, do you really need that port to be open ;( Share this post Link to post
sapiens74 0 Posted August 25, 2003 Quote: But if you don't use VPN or any kind of SSL, do you really need that port to be open ;( Any time you use an secure website with an https you use port 443 So try paying your bills online or using any other secure site with that port blocked. Share this post Link to post
jmmijo 1 Posted August 25, 2003 There you go, so indeed you want that port open at least Thanks agian for the info sapiens Share this post Link to post
sapiens74 0 Posted August 26, 2003 If i wasn't studying for my security+ test, and didn't have these damn ports burned into my brain, i wouldn't have known that Share this post Link to post
ReadError 0 Posted August 26, 2003 HybrdFusionz doesn't want incoming connections, so set a forward range to a IP that doesn't exist on the local network. Share this post Link to post