[HybrdFusioNZ]

I was looking for some instructions to enable filesharing with two computers running on Win XP Pro, with a Linksys BEFSR41 router, and found some here

Now I got sharing up and running but when I was assigning the names for the computers, I remember seeing something about a NetBIOS computer name. Now this is worrying me a lot because I remember reading about how vulnerable NetBIOS networks are especially when passwords are not being used [I did not set any passwords, I'm not quite sure how to do this for the network]. I also saw some NetBIOS settings: Default [selected right now], Enable NetBIOS over TCP/IP and disabling NetBIOS over TCP/IP. I tried disabling it but I couldn't share files anymore just like I thought would happen. I remember reading that I can increase security on NetBIOS by using Scope IDs. Anyone tell me how to do this?

Another thing:
I disabled simple filesharing so I can set permissions for shared folders. However, when I tried adding a new user/group it only searches my computer for the particular user/group. When I went into the Location Window, I only can see my own computer and not my other one as well. Same thing happens the other way around. Is there a way for me to select the other computer in searching users for the sharing permissions? [I'm able to see the other computer in the workgroup and access their shared files right now, but I want put a limitation since "Everyone" can access the files]

[sapiens74]

Block NetBios Port numbers at your router. THen it cannot leave you network

[HybrdFusioNZ]

Quote:

Block NetBios Port numbers at your router. THen it cannot leave you network

I'm sorry but can you provide a step by step explaination?

Thanks!

[sapiens74]

Sure,


ON your router when you type in 192.168.1.1 in your web browser it should take you to your start page to configure your router. Click on the tab in the upper right that says advanced


This should take you to the Filters page by Default

You will see halfway down a
Filtered Private Port Range: with settings 1-5

I believe Netbios uses 137-139 so you would set it under the first tab at both.

You actually get a chioce between Both, TCP, or UDP

Then in the first box for the range put 137
Then in the second box put 139
Then hit Apply at the bottom of the page

That will then filter out all Traffic for ports 137-139, which NetBios uses.

[sapiens74]

There may be more then those ports needed to completely block all NetBios traffic, but you add them the same way.


Hope that helps

[HybrdFusioNZ]

Thanks! Now my next question is: Does anyone else know the other ports needed to completely block all NetBios traffic?

[jmmijo]

I've got that same router and have not blocked those ports. Seems to me that it's done automatically in that I've not seen anything to indicate that somebody on the WAN side of things can see any of my internal boxes.

The fact that you're using, like I am, internal non-routable IP addresses would preclude any of this getting outbound or outside of the router

[sapiens74]

There are 2 ways to approch security

To assume it's safe and to make sure it is


Blocking ports assures it doesn't get through especially when someone is spoofing known internal IP addresses.

[Daniac]

Quote:

Thanks! Now my next question is: Does anyone else know the other ports needed to completely block all NetBios traffic?

Make sure you close ports 135-139 = NETBIOS and port 445 = Active Directory Services.

Either one of the above mentioned is frequently used by viruses and hackers. A simple NET USE command will get a connection on port 139 if it is open to the outside world.

[jmmijo]

Ah, this is all good info, thanks

I just entered these ports into my Linksys router as well

[HybrdFusioNZ]

Yea, thanks for the info!

[ReadError]

Since nobody is "supposed" to connect to you between ports 111 and 1023, why not block all those?

[sapiens74]

You need 443 dpr SSL

[jmmijo]

But if you don't use VPN or any kind of SSL, do you really need that port to be open ;(

[sapiens74]

Quote:

But if you don't use VPN or any kind of SSL, do you really need that port to be open ;(

Any time you use an secure website with an https you use port 443


So try paying your bills online or using any other secure site with that port blocked.

[jmmijo]

There you go, so indeed you want that port open at least

Thanks agian for the info sapiens

[sapiens74]

If i wasn't studying for my security+ test, and didn't have these damn ports burned into my brain, i wouldn't have known that

[ReadError]

HybrdFusionz doesn't want incoming connections, so set a forward range to a IP that doesn't exist on the local network.