Avoiding NetBIOS attacks without limiting remote access

I just read your article on blocking NetBIOS connections to Windows XP Pro. It seems like a good way to avoid NetBIOS...

attacks, but I have a couple of doubts:

  • If I'm going to block all NetBIOS and CIFS traffic, wouldn't it be better to remove the server service? It would be easier, and it would reduce the running processes in the workstation (no server, no filter).
  • If I put any of these measures in practice, I would block my ability to manage the workstation remotely, right?
  • Thanks in advance for your attention.
    You are correct, which is why I suggested double checking with members of your administrative staff before implementing such a policy. Disabling the Server Service would also block all NetBIOS traffic, but using an IPsec policy would potentially allow you to create "exception lists" that would permit the IP addresses of your administrative workstation to manage your workstations remotely, while still denying other access.

    This was first published in July 2003

    Dig Deeper



    Find more PRO+ content and other member only offers, here.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.



    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:









    • Virtual desktop security guide

      To secure virtual desktops, consider antivirus, certificates and network vulnerabilities. Just remember, VDI doesn't always ...

    • Guide to low-cost desktop virtualization

      In this guide, learn to virtualize desktops without spending more than you would when deploying PCs, and what VDI vendors are ...

    • VDI pilot project guide

      A VDI pilot project should start with a VDI project plan. Know what pitfalls to avoid and test product options to achieve a ...