Black Viper's BBS

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: TCP/IP NetBIOS Helper  (Read 1169 times)

0 Members and 1 Guest are viewing this topic.

Black Viper

  • Administrator
  • ******
  • Posts: 1103
  • "Have you tweaked your OS lately?"
    • WWW
TCP/IP NetBIOS Helper
« on: March 13, 2008, 01:38:09 pm »
Discussion of the TCP/IP NetBIOS Helper Service located in Windows Vista SP1.

TCP/IP NetBIOS Helper
Service Information: http://www.blackviper.com/WinVista/Services/TCP_IP_NetBIOS_Helper.htm
Logged
Charles "Black Viper" Sparks
www.blackviper.com

TekMason

  • Newbie
  • *
  • Posts: 5
Re: TCP/IP NetBIOS Helper
« Reply #1 on: October 25, 2008, 06:28:03 pm »
I think I have discovered an error with the information on the TCP/IP NetBIOS Helper service.  It is an easy mistake to make however as the description of the service itself is misleading, Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

If you are not using WINS (NetBIOS) for name resolution you can not access a server share by UNC name with this service disabled!
i.e.  \\server1\share will not work.
Packet traces indicate that windows will resolve the name with DNS, then completely skips SMB to connect and moves on to http:\\servername\share (WebDav I presume).  I have confirmed this on WinXP SP2 and SP3.

TekMason
Logged

couttsj

  • Jr. Member
  • **
  • Posts: 234
Re: TCP/IP NetBIOS Helper
« Reply #2 on: October 25, 2008, 08:40:11 pm »
I am not sure I understand what you are trying to say. The description says "Enables support for NetBIOS name resolution", and it is for this reason that I have always found it necessary to run this service on both XP and Vista. Without it, I cannot find the other machines on the network.

J.A. Coutts
Logged

TekMason

  • Newbie
  • *
  • Posts: 5
Re: TCP/IP NetBIOS Helper
« Reply #3 on: October 25, 2008, 09:07:21 pm »
Windows 2000 and later AD Domain based networks do not net to use WINS or NetBIOS for name resolution.  They can rely soley on DNS for all server/network name resolution.  This is a best practice for security and efficiency.  NetBIOS and WINS are really nasty protocols/services that reveal a lot of information about your network and they also offer crackers a multitude of attack vectors.

Point is...
The name of this service and the description that MS provides might lead one to believe that it is useful only for NetBIOS and they can disable the TCP/IP NetBIOS Helper service in a AD Domain using only DNS. 

TekMason

Logged

TekMason

  • Newbie
  • *
  • Posts: 5
Re: TCP/IP NetBIOS Helper
« Reply #4 on: October 25, 2008, 09:15:09 pm »
Sorry I can't figure out how to edit my posts.  I should have said...

Disabling NetBIOS (thus WINS) is a best practice for security and efficiency.

Logged

couttsj

  • Jr. Member
  • **
  • Posts: 234
Re: TCP/IP NetBIOS Helper
« Reply #5 on: October 26, 2008, 07:49:03 am »
Quote from: TekMason on October 25, 2008, 09:07:21 pm
Windows 2000 and later AD Domain based networks do not net to use WINS or NetBIOS for name resolution.  They can rely soley on DNS for all server/network name resolution.  This is a best practice for security and efficiency.  NetBIOS and WINS are really nasty protocols/services that reveal a lot of information about your network and they also offer crackers a multitude of attack vectors.

Point is...
The name of this service and the description that MS provides might lead one to believe that it is useful only for NetBIOS and they can disable the TCP/IP NetBIOS Helper service in a AD Domain using only DNS. 

TekMason
I guess we will have to agree to disagree. Active Directory is the service that I have always found to be a real pain in the butt. I agree that NetBios does pose a security risk, but my solution has always been to block ports 137/138/139 at the network perimeter. Port 445 should also be blocked at the perimeter. Both 139 & 445 have been used as attack vectors in the past, and are being used again in this latest Microsoft fiasco.

J.A. Coutts
Logged

TekMason

  • Newbie
  • *
  • Posts: 5
Re: TCP/IP NetBIOS Helper
« Reply #6 on: October 26, 2008, 07:11:31 pm »
I don't think we are in disagreement JA.

Every one of the ports you mentioned should definitely be blocked at the firewall.
In addition the server service should be disabled on all computers that are not truly servers.

TekMason

Quote from: couttsj on October 26, 2008, 07:49:03 am

I guess we will have to agree to disagree. Active Directory is the service that I have always found to be a real pain in the butt. I agree that NetBios does pose a security risk, but my solution has always been to block ports 137/138/139 at the network perimeter. Port 445 should also be blocked at the perimeter. Both 139 & 445 have been used as attack vectors in the past, and are being used again in this latest Microsoft fiasco.

J.A. Coutts

Logged

couttsj

  • Jr. Member
  • **
  • Posts: 234
Re: TCP/IP NetBIOS Helper
« Reply #7 on: October 26, 2008, 07:30:24 pm »
Quote from: TekMason on October 26, 2008, 07:11:31 pm
I don't think we are in disagreement JA.

Every one of the ports you mentioned should definitely be blocked at the firewall.
In addition the server service should be disabled on all computers that are not truly servers.

TekMason
2/3 of my customers share files on a small network without a server. They would be lost without the Server service. I don't know if any of them use a domain controller of whatever variety.

J.A. Coutts
Logged

TekMason

  • Newbie
  • *
  • Posts: 5
Re: TCP/IP NetBIOS Helper
« Reply #8 on: October 27, 2008, 09:49:22 pm »
Hi JA,
In those situations on small networks each PC is a server and you must run the Server and Computer Browser services with NetBIOS and WINS running in the background.
TekMason
Logged
Pages: [1]   Go Up
« previous next »
 

Powered by SMF 2.0 Beta 4 | SMF © 2006–2008, Simple Machines LLC
Page created in 9.532 seconds with 24 queries.