Netbios and bindiings

Discussion in 'Wireless Networks' started by RB, Mar 7, 2010.

  1. RB

    RB Guest

    Running XP Pro sp3
    Peer to Peer (no server software) Lan with password logon enabled,
    Client for MS Networks and File & Print Sharing, all nodes are in the
    same named Workgroup, running a NAT firewall enabled Linksys router
    out connected to cable modem and all nodes connected into router either
    by hard wire ethernet or wireless (wireless running TKIP encryption (WPA))

    I have two questions: (subject may be because of dated material I'm reading)
    1. One some of the text I'm reading shows screens of Network Bindings to all services
    But in my properties of network connections I cannot find any such screen,
    the nearest I can come to it is the Enable or Disable Netbios over TCP/IP, but
    this does not give binging or unbinding for any of the services running ?
    Where can I get to this ?
    2. I've read that Netbios is a security issue over TCP since it could allow inside
    Lan stuff to outside. Has Netbios been upgraded to alleviate this or is installing
    Netbeui a more secure solution since I need local Lan sharing of some folders.
     
    RB, Mar 7, 2010
    #1
    1. Advertisements

  2. From: "RB" <[email protected]>

    | Running XP Pro sp3
    | Peer to Peer (no server software) Lan with password logon enabled,
    | Client for MS Networks and File & Print Sharing, all nodes are in the
    | same named Workgroup, running a NAT firewall enabled Linksys router
    | out connected to cable modem and all nodes connected into router either
    | by hard wire ethernet or wireless (wireless running TKIP encryption (WPA))

    | I have two questions: (subject may be because of dated material I'm reading)
    | 1. One some of the text I'm reading shows screens of Network Bindings to all services
    | But in my properties of network connections I cannot find any such screen,
    | the nearest I can come to it is the Enable or Disable Netbios over TCP/IP, but
    | this does not give binging or unbinding for any of the services running ?
    | Where can I get to this ?
    | 2. I've read that Netbios is a security issue over TCP since it could allow inside
    | Lan stuff to outside. Has Netbios been upgraded to alleviate this or is installing
    | Netbeui a more secure solution since I need local Lan sharing of some folders.

    If you are worried, specifically block TCP and UDP port 135 ~ 138 and 445 on the Linksys
    Router.

    This way no NetBIOS over IP can leak out to the Internet and no hacker from the Internet
    can access via these ports.

    Use a PreShared authentication key for WireLess that is long and strong in conjunction
    with AES encryption and you may want to use MAC Authentication as well.

    Also disable all remote management protocols to the Router (that is POV of the WAN side)
    and disable WAN ICMP and UDP traceroute capabilities.
     
    David H. Lipman, Mar 7, 2010
    #2
    1. Advertisements

  3. RB

    Lem Guest

    A few minor points to add to David's good advice.

    - It sounds as if you've been reading Steve Gibson's advice at
    www.grc.com. That is pretty dated - it's for NT/4 and there have been
    quite a few changes since then.

    - As David suggests, change your encryption from WPA-TKIP to WPA-AES. If
    you have properly updated Windows XP and your wireless hardware is less
    than 7 years old or so, it probably will support AES.

    - With respect to NetBIOS over TCP/IP, start reading here:
    http://networking.nitecruzr.net/2006/04/netbios-over-tcpip.html
     
    Lem, Mar 7, 2010
    #3
  4. RB

    Andy Medina Guest

    Specifically what are you reading that shows "screens of Network Bindings to
    all services"? If we can view it we will be better able to answer that
    question. I would guess it's probably a NT thing.

    Any NAT router's firewall worth it's salt will block the NetBIOS/TCP (and
    SMB) ports between the LAN and WAN segments so NetBIOS/TCP (and SMB) traffic
    will stay within the LAN. I usually turn off NetBIOS/TCP on a laptop's
    wireless connection since they connect to various LANs when they go mobile.
    NetBIOS/TCP makes the machines visible in My Network Places. But SMB can
    still get to machines on the LAN unless the File and Printer sharing
    exception is turned off in the XP firewall. All the above will be mote
    unless the wireless is secured since wireless connections are on the LAN
    side. You have that covered with the WPA, but WPA2 would be better.

    I was at a hotel once where the hotel's *business* machines showed up on the
    hotel guest's LAN. Boy were they surprised (and VERY concerned) when I told
    them about it. I don't think they will have the same geek wanna-bes working
    on their networks anymore. :D
     
    Andy Medina, Mar 7, 2010
    #4
  5. RB

    RB Guest

    Ok, it there some app or some way I can tell if any of my apps use these ports ?
    Ok, my router does support this so I could make the switch, I wondering if I keep the
    same generated key could I just switch in the router without having to reconfigure all
    the laptops.
    I'm pretty sure I already have this set. Would I have to change anything if say a Tech support
    (at my clicked authorization) needed to take over my PC for configurations or is that a
    different thing ?
     
    RB, Mar 8, 2010
    #5
  6. RB

    RB Guest

    - It sounds as if you've been reading Steve Gibson's advice at www.grc.com.

    Yes his sight and a few others (which I surmise are also dated)
    Could you tell me some of the changes or give a link about such
    ( If it is not covered below)
    This has some interesting stuff. It will take me some time to read over
    this. I may come back with some different questions
     
    RB, Mar 8, 2010
    #6
  7. | Ok, it there some app or some way I can tell if any of my apps use these ports ?

    NetBIOS over IP and SMB uses these ports. That's why I indicate to delibarately block
    them at the Router (LAN/WAN barrier).


    |
    | Ok, my router does support this so I could make the switch, I wondering if I keep the
    |
    | same generated key could I just switch in the router without having to reconfigure all
    |
    | the laptops.


    If the PreShared authentication is weak then yes, you would if you chage it a strong
    authentication string. Mine is ASCII 13~4 cars. long using uppercase, lowercase and
    numbers.


    | I'm pretty
    | sure I already have this set. Would I have to change anything if say a Tech
    | support (at my clicked authorization) needed to take over my PC for configurations or is
    that a
    |
    | different thing ?

    If you invite them, it should't be a problem. They just won't be able to 'ping' you.
    However, I wouldn't let *any* tech support take control of my computer. Too much
    possibility of abuse.
     
    David H. Lipman, Mar 8, 2010
    #7
  8. RB

    RB Guest

    I saw the bindings at this link
    http://www.practicallynetworked.com/sharing/xp/network_protocols/network_protocols10.gif
    So these ports are not usually needed by any installed app ?
    What is SMB ? Is this any better than NWLink IPX/SPX ?
    See I need to see some shared folders on the Desktop
     
    RB, Mar 8, 2010
    #8
  9. Jack [MVP-Networking], Mar 8, 2010
    #9
  10. RB

    RB Guest

    "Jack [MVP-Networking]"
    So then you are saying that NetBeui is a good thing then ?
    I have the following questions if you would be so kind as to reply to them.
    What is SMB ? Is this any better than NWLink IPX/SPX ?
    See I need to see some shared folders on the Desktop

    Where is this mysterious screen found for bindings, does it install with netbeui ?
    I cannot find it on my xp machine.
    http://www.ezlan.net/network/XP_Net_advance.jpg
     
    RB, Mar 8, 2010
    #10
  11. RB

    Lem Guest

    RB wrote:

    Network Connections > Advanced > Advanced Settings. You can also
    install/remove "Network Components" from the same menu, without going
    through Control Panel > Add/Remove, etc.

    (P.S.: Sometimes, Help & Support does in fact provide help.)
     
    Lem, Mar 8, 2010
    #11
  12. From: "RB" <[email protected]>


    | "Jack [MVP-Networking]"
    | So then you are saying that NetBeui is a good thing then ?
    | I have the following questions if you would be so kind as to reply to them.
    | What is SMB ? Is this any better than NWLink IPX/SPX ?
    | See I need to see some shared folders on the Desktop

    | Where is this mysterious screen found for bindings, does it install with netbeui ?
    | I cannot find it on my xp machine.
    | http://www.ezlan.net/network/XP_Net_advance.jpg


    Don't use IPX/SPX unless you have software that needs IPX/SPX.

    If you add NetBEUI you will have to unbind NetBIOS from IP otherwsie you gain nothing and
    you don't want to remove TCP/IP or you won't access the Internet.

    If you follow my initial set of instructions, you don't have to add NetBEUI and fuss with
    unbind NetBIOS from IP.
     
    David H. Lipman, Mar 8, 2010
    #12
  13. RB

    Andy Medina Guest

    I agree with David, don't use NetBEUI. It is a *VERY* talkative/noisy
    protocol and there is really no need for it. NetBIOS/TCP will do just fine
    for the LAN sharing. IPX/SPX is more (but not exclusively) for Novell
    networks. I definitively wouldn't use that protocol unless an app (or game)
    needs it. As for SMB, it basically replaces NetBIOS/TCP for Printer and File
    sharing starting with the Windows 2000 version and it runs on top (or over)
    TCP (SMB/TCP). More at: http://en.wikipedia.org/wiki/Server_Message_Block

     
    Andy Medina, Mar 8, 2010
    #13
  14. From: "Andy Medina" <>

    | I agree with David, don't use NetBEUI. It is a *VERY* talkative/noisy
    | protocol and there is really no need for it. NetBIOS/TCP will do just fine
    | for the LAN sharing. IPX/SPX is more (but not exclusively) for Novell
    | networks. I definitively wouldn't use that protocol unless an app (or game)
    | needs it. As for SMB, it basically replaces NetBIOS/TCP for Printer and File
    | sharing starting with the Windows 2000 version and it runs on top (or over)
    | TCP (SMB/TCP). More at: http://en.wikipedia.org/wiki/Server_Message_Block

    I once had to setup a SOHO LAN using IPX/SPX for a multi-user network game. However I
    can't remember that Game's name and a few years have gone by.

    IPX/SPX was great for games because it is a faster, more tunable, network protocol than
    TCP/IP.

    Pegasus Mail (P-Mail) was Netware aware and it communcates natively via IPX/SPX to work
    with Netware as a multi-user office email application.

    Not too much call for IPX/SPX these days. :-(
     
    David H. Lipman, Mar 8, 2010
    #14
  15. From: "David H. Lipman" <[email protected]>

    < snip >

    | Pegasus Mail (P-Mail) was Netware aware and it communcates natively via IPX/SPX to work
    | with Netware as a multi-user office email application.

    < snip >

    I should add that Pegasus Mail just enjoyed 20 the anniversary.
    I never stopped using it.
     
    David H. Lipman, Mar 8, 2010
    #15
  16. RB

    Andy Medina Guest

    For question 1: Open the Network Connections Control Panel applet (Control
    Panel - Network Connections) and under the Advanced menu item is Advanced
    Settings. That will open the window you are looking for.
     
    Andy Medina, Mar 9, 2010
    #16
  17. RB

    RB Guest

    Network Connections > Advanced > Advanced Settings. You can also install/remove "Network Components" from the same menu, without
    Well evidently you have that screen on yours, but my XP pro sp3 does not.
    I have seen the screen in the past (I believe on XP home) but mine now
    only has 3 Netbios add scenarios. I was wondering if after I installed Netbuei
    the bindings window would then be visable ?
     
    RB, Mar 9, 2010
    #17
  18. RB

    Andy Medina Guest

    Which of the following is true?

    a) there is no "Advance" menu item in the Network Connections window.
    b) there is no "Advanced Settings" item under the Advance menu item.
    c) there is no "Adapter and Bindings" tab in the Advance Settings window.
    d) there is a "Adapter and Bindings" tab but nothing is listed.

    Is there a "Provider Order" tab in the Advance Settings window?
     
    Andy Medina, Mar 9, 2010
    #18
  19. RB

    RB Guest

    "Andy Medina"
    I don't know if I am allowed to post jpg attachments which I could do if I knew
    it was acceptable to do so. But there could be quite a few of them to expound
    everything. But as brief as possible this is the explained scenario:
    ControlPanel->NetworkConnections then right click on desired
    connection and choose properties, brings up a screen showing
    two tabs General and Advanced. I will tell you about the
    General tab first since I believe it expands to the area of
    question, (I will skip this particular Advanced tab till later)
    If you look at the General tab window you see in the first list
    box window my Network Adapter listing with a Configure button
    beside it. If you click the Configure button it basically covers
    driver installation or uninstalling etc.
    So back out of Configure back to the same said General Tab then
    if you look down the second list box window it has all of your
    protocols and file & print sharing services that are installed.
    If you highlite the tcp/ip protocol and click properties then you
    see a window with a General tab and a Alternate Config tab,
    Down at the bottom (of the General tab window) there is an
    Advanced button, if you click that you see an area that I believe
    is pertinant to this discussion. It has 4 tabs, IP Settings,
    DNS, WINS, and Options. If you click the WINS tab you see a window
    with a top list box where you can add WINS addresses, Below that
    you can check ENABLE LMHOSTs options. And below that is 3 options,
    1. Default use Netbios from DHCP server
    2. Enable Netbios over tcp/ip
    3. Disable Netbios over tcp/ip
    There are no bindings window to be found in "ANY" of the expanded
    windows stemming from the original NetworkConnections properties
    General tab.
    So then if you look at the original NetworkConnections properties
    Advanced tab (skipped over above) then you see a windows firewall
    window with one Settings button. So clicking on the Settings button
    you see the windows Firewall window with a General tab, an Exceptions
    tab and an Advanced tab. Expanding out "all" of these none of them
    bring up "any" bindings window.
     
    RB, Mar 9, 2010
    #19
  20. RB

    Lem Guest

    You can post pictures using one of the many web-based public picture
    hosting services.

    However, you are looking in the wrong place.

    For reference, here is how you get to the screen in question, although
    as David Lipman and Andy Medina say, you shouldn't use NetBEUI.

    1. Open Network Connections
    2. In the Menu bar (the one that has File, Edit, View, etc.), click
    "Advanced."
    3. In the drop-down menu under "Advanced," click "Advanced Settings."
    4. The "Advanced Settings" dialog should open. It has two tabs,
    "Adapters and Bindings" and "Provider Order."
     
    Lem, Mar 9, 2010
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.