Q

Avoiding NetBIOS attacks without limiting remote access

I just read your article on blocking NetBIOS connections to Windows XP Pro. It seems like a good way to avoid NetBIOS attacks, but I have a couple of doubts:

  • If I'm going to block all NetBIOS and CIFS traffic, wouldn't it be better to remove the server service? It would be easier, and it would reduce the running processes in the workstation (no server, no filter).
  • If I put any of these measures in practice, I would block my ability to manage the workstation remotely, right?
  • Thanks in advance for your attention.
    You are correct, which is why I suggested double checking with members of your administrative staff before implementing such a policy. Disabling the Server Service would also block all NetBIOS traffic, but using an IPsec policy would potentially allow you to create "exception lists" that would permit the IP addresses of your administrative workstation to manage your workstations remotely, while still denying other access.

    This was first published in July 2003

    Dig deeper on Microsoft Systems and Network Troubleshooting

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchExchange

    SearchSQLServer

    SearchWinIT

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    Close