Networking

NetBIOS over TCP/IP in Windows 2000 Server

Have you checked your keys lately? An intruder can get into your Windows 2000 Server system easily if you use NetBIOS over TCP/IP. Don't leave your servers unlocked—shut them down by following these steps.

The threat of crackers gaining access to your Windows 2000 Server systems and either stealing or destroying your data (or both!) is an ever-increasing possibility on this networked planet, despite your tight security. You use an internal subnet on unpublished IP numbers. The T1 goes to a firewall box that's connected to the Windows 2000 Server box running NAT. Remote Access isn't even used, and you've plugged up IIS. Even the FTP server doesn't allow unauthorized access from unqualified IP addresses.

Still, intruders can walk right in the front door if they have the key, and you can inadvertently give it to them, especially if you never use WINS. The trouble is that the default setting for NetBIOS over TCP/IP is on. Here's how to check:

  1. Go to Start | Settings | Network And Dial-up Connections and select the object that represents your connection to the Internet, whether it's connected directly or through a firewall.
  2. Click the Properties button to open a dialog and get the Properties for Internet Protocol (TCP/IP).
  3. Click Advanced in the bottom right-hand corner to switch to the WINS pane.
  4. In the lower half of the WINS pane are the NetBIOS Over TCP/IP options for this TCP/IP connection (which just happens to be directly connected to the Internet, likely with a static IP address). In its default setting, it allows TCP/IP to connect to NetBIOS on Port 139, a cracker's favorite. NetBIOS freely distributes plenty of information about the IP, domain name, and even your username (the aforementioned front door).
  5. Click the Disable NetBIOS Over TCP/IP radio button and click OK. This will take effect immediately.

Miss a column?

Check out the Windows 2000 Server archive, and catch up on the all the W2K Server columns.

Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!

9 comments
P∆UL L∆M∆N
P∆UL L∆M∆N

Is this only a W2K Server problem or also for Pro? My Pro system had 'Use NetBIOS-settings of the DHCP server' switched on. Shoud this also be 'NetBIOS disabled'?

maxxx
maxxx

I'm not the networking expert in my business but I sure didn't know it

hpoppe
hpoppe

Windows 2000 pro is just as unsecure as any version of Windows, including XP, 2003 and Vista. The problem is that it uses NetBIOS over TCP/IP by default. This should have been taken out before Windows 95, but Microsoft favours "user friendliness" over security.

DaShard_z
DaShard_z

And is this guaranteed not to cause any other issues of resolution of connectivity on the internal network? Maybe if we could get a phone number published so we can put in a support call for any other little weirdnesses that might happen - just in case!

P∆UL L∆M∆N
P∆UL L∆M∆N

Of course I tried this setting on one of my W2K Pro machines. It immediately dropped all my network (samba) shares on my Freecom FSG...! So I'd rather stick to the setting 'Use NetBIOS settings of the DHCP server'. Hope this is more secure than enabling NETBIOS over TCP/IP? Paul

blaise
blaise

This will also have the result of removing your server from 'My Network Places" on the entire internal network. Many times even with DNS and WINS operating correctly , a search for the server on the local network will fail. Not a great scenario.

IT Guy with many hats
IT Guy with many hats

Any network admin worth anything would have the firewall blocking ports 137,138,139 and 445 to the outside world. These ports have been known as security leaks for years and if you know you job as a Network Admin this isn't even an issue.

Howard.Hooper
Howard.Hooper

setting your machine to 'use netbios settings of dhcp server' would have the same effect as enabling the 'use netbios over tcp/ip' option. The best thing to do on your network is follow the advice of an earlier comment and block the necessary ports on your firewall

Editor's Picks