Netbios and bindiings
in [Wireless]
|
Prev: WAN connection
Next: Wireless problems, again...
From: David H. Lipman on 7 Mar 2010 20:46 From: "RB" <NoMail(a)NoSpam> >> If you are worried, specifically block TCP and UDP port 135 ~ 138 and 445 >>on the Linksys Router. >> This way no NetBIOS over IP can leak out to the Internet and no hacker from the >> Internet >> can access via these ports. | Ok, it there some app or some way I can tell if any of my apps use these ports ? NetBIOS over IP and SMB uses these ports. That's why I indicate to delibarately block them at the Router (LAN/WAN barrier). >> Use a PreShared authentication key for WireLess that is long and strong in conjunction >> with AES encryption and you may want to use MAC Authentication as well. | | Ok, my router does support this so I could make the switch, I wondering if I keep the | | same generated key could I just switch in the router without having to reconfigure all | | the laptops. If the PreShared authentication is weak then yes, you would if you chage it a strong authentication string. Mine is ASCII 13~4 cars. long using uppercase, lowercase and numbers. >> Also disable all remote management protocols to the Router (that is POV of the WAN >> side) and disable WAN ICMP and UDP traceroute capabilities. | I'm pretty | sure I already have this set. Would I have to change anything if say a Tech | support (at my clicked authorization) needed to take over my PC for configurations or is that a | | different thing ? If you invite them, it should't be a problem. They just won't be able to 'ping' you. However, I wouldn't let *any* tech support take control of my computer. Too much possibility of abuse. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: RB on 7 Mar 2010 20:26 > - It sounds as if you've been reading Steve Gibson's advice at www.grc.com. Yes his sight and a few others (which I surmise are also dated) >That is pretty dated - it's for NT/4 and there have been quite a few changes since then. Could you tell me some of the changes or give a link about such ( If it is not covered below) > - With respect to NetBIOS over TCP/IP, start reading here: http://networking.nitecruzr.net/2006/04/netbios-over-tcpip.html This has some interesting stuff. It will take me some time to read over this. I may come back with some different questions
From: RB on 7 Mar 2010 20:47 > Specifically what are you reading that shows "screens of Network Bindings to > all services"? If we can view it we will be better able to answer that question. I would guess it's probably a NT thing. I saw the bindings at this link http://www.practicallynetworked.com/sharing/xp/network_protocols/network_protocols10.gif > Any NAT router's firewall worth it's salt will block the NetBIOS/TCP (and SMB) ports between the LAN and WAN segments so > NetBIOS/TCP (and SMB) traffic will stay within the LAN. So these ports are not usually needed by any installed app ? >I usually turn off NetBIOS/TCP on a laptop's wireless connection since they connect to various LANs when they go mobile. >NetBIOS/TCP makes the machines visible in My Network Places. But SMB can still get to machines on the LAN unless the File and >Printer sharing exception is turned off in the XP firewall. What is SMB ? Is this any better than NWLink IPX/SPX ? See I need to see some shared folders on the Desktop
From: Jack [MVP-Networking] on 7 Mar 2010 20:59 Hi If you are worried that is a good idea. Adding NetBEUI as Sharing Protocol in WinXP: http://www.ezlan.net/netbeui.html Jack (MS, MVP-Networking). "RB" <NoMail(a)NoSpam> wrote in message news:%23MQO2fhvKHA.812(a)TK2MSFTNGP06.phx.gbl... > Running XP Pro sp3 > Peer to Peer (no server software) Lan with password logon enabled, > Client for MS Networks and File & Print Sharing, all nodes are in the > same named Workgroup, running a NAT firewall enabled Linksys router > out connected to cable modem and all nodes connected into router either > by hard wire ethernet or wireless (wireless running TKIP encryption (WPA)) > > I have two questions: (subject may be because of dated material I'm > reading) > 1. One some of the text I'm reading shows screens of Network Bindings to > all services > But in my properties of network connections I cannot find any such > screen, > the nearest I can come to it is the Enable or Disable Netbios over > TCP/IP, but > this does not give binging or unbinding for any of the services running > ? > Where can I get to this ? > 2. I've read that Netbios is a security issue over TCP since it could > allow inside > Lan stuff to outside. Has Netbios been upgraded to alleviate this or is > installing > Netbeui a more secure solution since I need local Lan sharing of some > folders. > > >
From: RB on 8 Mar 2010 11:48
"Jack [MVP-Networking]" > If you are worried that is a good idea. > Adding NetBEUI as Sharing Protocol in WinXP: http://www.ezlan.net/netbeui.html > Jack (MS, MVP-Networking). So then you are saying that NetBeui is a good thing then ? I have the following questions if you would be so kind as to reply to them. What is SMB ? Is this any better than NWLink IPX/SPX ? See I need to see some shared folders on the Desktop Where is this mysterious screen found for bindings, does it install with netbeui ? I cannot find it on my xp machine. http://www.ezlan.net/network/XP_Net_advance.jpg |