Problem solve Get help with specific problems with your technologies, process and projects.

Avoiding NetBIOS attacks without limiting remote access

I just read your article on blocking NetBIOS connections to Windows XP Pro. It seems like a good way to avoid NetBIOS attacks, but I have a couple of doubts:

  • If I'm going to block all NetBIOS and CIFS traffic, wouldn't it be better to remove the server service? It would be easier, and it would reduce the running processes in the workstation (no server, no filter).
  • If I put any of these measures in practice, I would block my ability to manage the workstation remotely, right?
  • Thanks in advance for your attention.
    You are correct, which is why I suggested double checking with members of your administrative staff before implementing such a policy. Disabling the Server Service would also block all NetBIOS traffic, but using an IPsec policy would potentially allow you to create "exception lists" that would permit the IP addresses of your administrative workstation to manage your workstations remotely, while still denying other access.

    Dig Deeper on Enterprise infrastructure management

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.