Netbios and bindings

Discussion in 'Wireless Networks' started by RB, Mar 7, 2010.

  1. RB

    Andy Medina Guest

    That explains it. As Lem pointed out, you are looking in the wrong place.
    That is why I asked the questions in the order they were in. Maybe I should
    have said the menu item along the *menu bar* in the first place. :D
     
    Andy Medina, Mar 9, 2010
    #21

  2. RB

    RB Guest

    However, you are looking in the wrong place.
    Oh why the heck did they stick it up there for, that seems odd to me
    given all of those menus are usually explorer generic.
    Anyhow thank you !
    I am not so much still sold on trying to use Netbeui (which appears to be an earlier
    version of Netbios) but I still have been unable to get key information to help me
    in my decision. Two things specifically,
    1. The poster Jack (MS, MVP-Networking) wrote
    { If you are worried that is a good idea.
    Adding NetBEUI as Sharing Protocol in WinXP:
    http://www.ezlan.net/netbeui.html
    }
    I replied to him but he never answered. Did I misunderstand him or is he saying
    he thinks NetBEUI is a good thing still ?

    2. Ok say I keep netbios and I disable the ports you guys told me about .
    I am concerned that if I disable them it will interfere with apps that might be
    using these ports. I did a search for a way to find out who is using what and
    I got the following results from netstat. I cut out all but the 3 ports spoken of.
    So what is going to happen with these apps if I block these ports ?
    ----------------------------------------------------
    netstat -a /b -n
    returned this
    Active Connections
    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1368
    c:\windows\system32\WS2_32.dll
    C:\WINDOWS\system32\RPCRT4.dll
    c:\windows\system32\rpcss.dll
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ADVAPI32.dll
    [svchost.exe]

    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    [System]

    TCP [::]:135 [::]:0 LISTENING 1368
    -- unknown component(s) --
    toside.sys
    -- unknown component(s) --
    [svchost.exe]


    UDP 0.0.0.0:445 *:* 4
    [System]

    UDP 192.168.1.2:138 *:* 4
    [System]
    ============ALSO===
    Another question when I look in the ADVANCED->bindings that you just showed
    me how to view, I don't see any Netbios listed when I do have it Enabled in my TCP
    properties ? What is up with that ?
    And what is up with the MS TCP/IP ver 6 ? I have that in addition to the Internet TCP/IP ?
     
    RB, Mar 9, 2010
    #22

  3. | Oh why the heck did they stick it up there for, that seems odd to me
    | given all of those menus are usually explorer generic.
    | Anyhow thank you !
    | I am not so much still sold on trying to use Netbeui (which appears to be an earlier
    | version of Netbios) but I still have been unable to get key information to help me
    | in my decision. Two things specifically,
    | 1. The poster Jack (MS, MVP-Networking) wrote
    | { If you are worried that is a good idea.
    | Adding NetBEUI as Sharing Protocol in WinXP:
    | http://www.ezlan.net/netbeui.html
    | }
    | I replied to him but he never answered. Did I misunderstand him or is he saying
    | he thinks NetBEUI is a good thing still ?

    | 2. Ok say I keep netbios and I disable the ports you guys told me about .
    | I am concerned that if I disable them it will interfere with apps that might be
    | using these ports. I did a search for a way to find out who is using what and
    | I got the following results from netstat. I cut out all but the 3 ports spoken of.
    | So what is going to happen with these apps if I block these ports ?
    | ----------------------------------------------------
    | netstat -a /b -n
    | returned this
    | Active Connections
    | Proto Local Address Foreign Address State PID
    | TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1368
    | c:\windows\system32\WS2_32.dll
    | C:\WINDOWS\system32\RPCRT4.dll
    | c:\windows\system32\rpcss.dll
    | C:\WINDOWS\system32\svchost.exe
    | C:\WINDOWS\system32\ADVAPI32.dll
    | [svchost.exe]

    | TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    | [System]

    | TCP [::]:135 [::]:0 LISTENING 1368
    | -- unknown component(s) --
    | toside.sys
    | -- unknown component(s) --
    | [svchost.exe]


    | UDP 0.0.0.0:445 *:* 4
    | [System]

    | UDP 192.168.1.2:138 *:* 4
    | [System]
    | ============ALSO===
    | Another question when I look in the ADVANCED->bindings that you just showed
    | me how to view, I don't see any Netbios listed when I do have it Enabled in my TCP
    | properties ? What is up with that ?
    | And what is up with the MS TCP/IP ver 6 ? I have that in addition to the Internet
    | TCP/IP ?


    The first 1024 TCP and UDP ports are the oldest and most standardized protocols. TCP/UDP
    ports 135 ~ 139 and 445 are completely safe to block on any FireWall Appliance and NAT
    Routers. Blocking them will only enhance your security. Having them blocked will not
    block some unknown application or content.

    The LAN side of the NAT Router you have is your enclave. You can safely have all network
    protocols at their default and move the security from each PC to that of the perimeter.
    Blocking TCP/UDP ports 135 ~ 139 and 445 on the LAN/WAN barrier means your SOHO LAN is
    safer on the Internet and all nodes on the LAN side can communicate fully without protocol
    setting hindrance.

    There are two levels of concern on your LAN side
    wired
    wireless

    Unless someone has physical access to your CAT-5 Ethernet LAN, no one is going to be
    tapping your LAN through the Ethernet topology.

    Wireless is different. You have to take further steps. Like I mentioned,
    * Use a strong PreShared authentication key
    * WPA2
    * Use AES encryption
    * Choice to use MAC Authentication (You tell the Router what MAC addresses can use
    WireLess and then they are the only MAC addresses that can use WiFi on your SOHO LAN)

    Then the Wireless has been secured as best you could.

    Once you have done that, there is NO NEED to fuss with "NetBIOS over IP" for any nodes on
    the LAN side.

    To further enhance your security I suggested,
    * Disable all remote management protocols to the Router
    * Disable WAN ICMP and UDP traceroute capabilities.

    BTW: Some advocate blocking TCP port 4567
    http://en.wikipedia.org/wiki/TR-069

    I block it on my FiOS Router.
     
    David H. Lipman, Mar 10, 2010
    #23
  4. RB

    RB Guest

    Ok this is good information. Thank you.
    My router offers AES, but when I look at my laptop's broadcom wireless I don't see AES as an
    offering, but only shows WPA TKIP ? Is this capability dependent on both the router and the
    wireless node drivers ?
    Well I thought about this but then I read it is easy for hackers to clone a MAC so is it really that
    effective ?
    Whoa wait a minute you are losing me here. I still need to see my nodes within my workgroup
    how will I be able to do this without Netbios ?
     
    RB, Mar 10, 2010
    #24
  5. | Ok this is good information. Thank you.

    | My router offers AES, but when I look at my laptop's broadcom wireless I don't see AES
    | as an offering, but only shows WPA TKIP ? Is this capability dependent on both the
    | router and the wireless node drivers ?


    The notebook will sync with the WireLess Router's encryption.


    | WireLess and then they are the only MAC addresses that can use WiFi on your SOHO LAN)
    |
    | Well I thought about this but then I read it is easy for hackers to clone a MAC so is
    | it really that effective ?

    It can be done but NOT easily.

    | Whoa wait a minute you are losing me here. I still need to see my nodes within my
    | workgroup how will I be able to do this without Netbios ?


    Leave NetBIOS alone !
    You want to play with unbinding NetBIOS from IP. I've been trying to tell you why you
    don't need to !
     
    David H. Lipman, Mar 10, 2010
    #25
  6. RB

    RB Guest

    Leave NetBIOS alone !
    Ok I sense I misunderstood your meaning when you said
    I thought you meant I did not "need" Netbios enabled, but rather you meant if I disabled
    said ports then I did not need to unbind Netbios,....correct ?
    Which brings me to another point of confusion, ( I understand now that I don't need to
    worry about the unbinding ) but I don't understand why netbios is not showing up in
    the bindings window ? I do have it enabled over TCP/IP so shouldn't it be showing up?
     
    RB, Mar 10, 2010
    #26
  7. RB

    Andy Medina Guest

    NetBEUI is an extension of NetBIOS, it is not an earlier version of
    Netbios.
    NetBEUI = NetBIOS Extended User Interface

    From the url above:

    "NetBEUI has less overhead, so it is very efficient in small networks (less
    than 10 computers), and it is actually faster than TCP/IP.

    However on large Networks it produces the opposite effect, and might "bog"
    down the Network.

    Networking is dominated by the Professional IT people and they do not like
    NetBEUI as a result you will always hear negative remarks when NetBEUI is
    mentioned.

    Because it is a problem on large Networks, and it is Not Routable, Microsoft
    is phasing it out.

    It is included on Windows XP CD ROM, but Microsoft is Not supporting it
    anymore. However there is nothing to support in NetBEUI when it used in a
    simple peer to peer small Network. "


    Network pros don't like it because they usually work with MANY machines on
    the LAN. And it WILL "bog" down the network because it is a VERY
    talkative/noisy protocol. The protocol itself is fine for small networks,
    but the mantra is DON'T install any more network protocols than necessary
    [AKA the KISS principle :D ]. If you take the precautions folks on here have
    been suggesting, there is no need for NetBEUI. It will not be the end of the
    world if you decide to use NetBEUI. But if you do, then you have to be sure
    NetBEUI is the ONLY protocol that is bound to File and Printer Sharing and
    for Client for Microsoft Networks. So you have to manage two protocols for
    each machine's network adapter, but that's not as hard to do as it sounds.
    Also, websites that suggest using NetBEUI state there are certain situations
    where NetBEUI would be a good option, but they do not flatly state to use
    NetBEUI as a substitute for NetBIOS/TCP in all situations.

    More on NetBIOS and NetBEUI at http://en.wikipedia.org/wiki/Netbios


    You will be blocking the ports at the router's firewall not on the machine's
    firewall. If an app uses those ports through the *router* (IOW [LAN ethernet
    port <=> WAN ethernet port] and NOT through the built-in *switch* which is
    [LAN ethernet port <=> LAN ethernet port]) that would be bad and is exactly
    what you are trying to prevent. The machines on the LAN will still see and
    use those ports. Think of the router as having two items (a switch and
    router, a wireless router adds a radio/hub to the mix) that are in one box.
    The router's firewall primarily affects traffic going through the *router*
    (that is between a LAN ethernet port to the WAN ethernet port) and usually
    does not affect traffic going through the *switch* (that is between a LAN
    ethernet port to another LAN ethernet port).


    From http://en.wikipedia.org/wiki/Netbeui (which actually redirects to
    http://en.wikipedia.org/wiki/Netbios)
    "As strictly an API, NetBIOS is not a networking protocol." So you will not
    see it listed there.


    IPv6 uses 128-bit addresses while IPv4 uses only 32 bits. The address space
    for IPv4 is pretty much exhausted, so IPv6 will create a much much bigger
    address space for all the devices needing an IP address. Other enhancements
    were also made to the protocol. More on IPv6 is at
    http://en.wikipedia.org/wiki/IPv6 and at
    http://technet.microsoft.com/en-us/network/bb530961.aspx

    BTW IPv6 is not MS-centric although MS might have put a twist or two into
    its implementation. IPv6 was defined in December 1998 by the Internet
    Engineering Task Force (IETF) with the publication of an Internet standard
    specification, RFC 2460.

    Have we made your head swim yet? :D
     
    Andy Medina, Mar 10, 2010
    #27
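
    Added example, not part of any post in the thread: a Python sketch that parses the listener entries from the netstat output posted in #22 and applies the perimeter rule from #23 and #27 (ports 135 ~ 139 and 445 filtered only where traffic crosses the LAN/WAN barrier). The /24 LAN range, the two source addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the listener entries from the netstat output posted in the thread.
NETSTAT_OUTPUT = r"""
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1368
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]
TCP [::]:135 [::]:0 LISTENING 1368
-- unknown component(s) --
[svchost.exe]
UDP 0.0.0.0:445 *:* 4
[System]
UDP 192.168.1.2:138 *:* 4
[System]
"""

# Ports the thread says to block at the LAN/WAN barrier: 135 ~ 139 and 445.
BLOCKED_PORTS = set(range(135, 140)) | {445}
# Assumption: a /24 LAN around the 192.168.1.2 address seen in the output.
LAN = ipaddress.ip_network("192.168.1.0/24")

ENDPOINT = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)$")
OWNER = re.compile(r"^\[(.+)\]$")


def parse_listeners(text):
    """Return one dict per socket: proto, addr, port, state, pid, owner."""
    sockets = []
    for line in (raw.strip() for raw in text.splitlines()):
        endpoint = ENDPOINT.match(line)
        owner = OWNER.match(line)
        if endpoint:
            proto, addr, port, state, pid = endpoint.groups()
            sockets.append({"proto": proto, "addr": addr.strip("[]"),
                            "port": int(port), "state": state,
                            "pid": int(pid), "owner": None})
        elif owner and sockets:
            # "[name]" ends the component list of the socket above it.
            sockets[-1]["owner"] = owner.group(1)
    return sockets


def verdict(sock, src_ip):
    """Simplified model of the thread's advice for one connection attempt."""
    if ipaddress.ip_address(src_ip) in LAN:
        return "allowed"   # LAN to LAN goes through the switch, not the firewall
    if sock["port"] in BLOCKED_PORTS:
        return "dropped"   # crosses the LAN/WAN barrier on a blocked port
    return "unfiltered"    # crosses the router, but this rule does not apply


def report(text, sources=("192.168.1.3", "203.0.113.7")):
    """Pair every parsed socket with a LAN peer and an outside address (both hypothetical)."""
    return [(s["proto"], s["port"], s["owner"], src, verdict(s, src))
            for s in parse_listeners(text) for src in sources]


if __name__ == "__main__":
    for row in report(NETSTAT_OUTPUT):
        print("%-3s %-4d %-12s from %-13s -> %s" % row)
```

    Every socket in the sample is owned by svchost.exe or System, and each one stays reachable from the LAN peer while the outside address is dropped.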
  8. RB

    Andy Medina Guest

    NetBIOS is not "bound" to anything. It is simply enabled over TCP/IP.
    That is why you do not see it listed under the bindings dialog box. See
    below.

    From http://en.wikipedia.org/wiki/Netbeui (which actually redirects to
    http://en.wikipedia.org/wiki/Netbios)
    "As strictly an API, NetBIOS is not a networking protocol." So you will not
    see it listed there.
     
    Andy Medina, Mar 10, 2010
    #28
  9. RB

    RB Guest

    Have we made your head swim yet? :D

    Actually no, although there has been a diverse spectrum of opinion replied.
    I think I have learned enough from everyone (especially you and David ) to
    be able to intelligently work with the process now. This last reply of yours
    really elaborated and nailed down a lot of loose ends in my mind. I feel
    now (given the small size of my Lan) that I could toss the dice and go with
    either Netbios or Netbeui and have good security results.....but
    my biggest problem (that has spurred me into all of this ) is the fact that
    as soon as I tried to move from a ( no logon password user accts using
    "simple file & print sharing" ) scenario to a more secure password logon
    user accts I have been unable (to keep an off topic troubleshooting story
    brief ) to get all of my nodes to see each other. I have tried until I was exhausted
    with conversing with support groups but I just could not get it to work.
    So I then started to think of trying Netbeui hoping it might work when I
    could not get the Netbios over tcp/ip to function.
    I now am wondering if maybe Windows Home Server might be a solution.
    What are the security aspects of that ?
    Believe me I have done all sorts of suggested commands from ipconfig, ping,
    netstat, and net etc to try and track down why it won't work but finally I just
    gave up on it. It would appear that MS is more concerned with brushing
    over security (when they add the "recommended" to the Simple file sharing
    check box) than they are making password peer to peer lans work under
    password logons.
     
    RB, Mar 10, 2010
    #29
  10. RB

    Andy Medina Guest

    Getting computers to see each other on the LAN can be a headache. Usually
    the problem with not being able to see computers in My Network Places is
    because of Master Browser problems, NetBIOS over TCP disabled, or no
    firewall exception for File and Printer sharing.

    Some items you may want to go over:

    1) be sure you (re)share the items after you switch from simple file
    sharing. Even if you had/have them shared while under simple file sharing,
    go through and share them again. You have to have at least one item shared
    for the computer to show up.

    2) make sure File and Printer sharing is checked as an exception in the
    firewall of EVERY computer on the LAN. Look in the event logs (can't
    remember which category, apps or system) and if you see any "could not
    obtain master browse list from [computer name]" (can't remember the exact
    wording) then that computer has the exception unchecked. All it takes is one
    computer with the unchecked exception to mess everything up. It might also
    have the NetBIOS over TCP disabled.

    3) make sure the Computer Browser service is running on ALL computers.

    You might also try the SMB method (for troubleshooting) if the computer is
    not showing up. First make sure you can ping the computer in question. Then
    go to Start/Run and enter "\\[IP address of computer in question]" (without
    the quotes) and see if the network login screen comes up. I get to shared
    resources that way even if the computer with the shared resources does not
    show up in My Network Places. And this is the only way to get to shared
    resources if the NetBIOS over TCP is disabled since you will not be able to
    see the computer in My Network Places.
     
    Andy Medina, Mar 10, 2010
    #30
  11. RB

    Andy Medina Guest

    After reading the above and my use of "port", it even confuses me. :D By
    "LAN ethernet port" or "WAN ethernet port" I mean the physical connector on
    the router. It is not a reference to the TCP or UDP numbered port. On the
    other hand just plain "ports" does refer to the TCP or UDP numbered port.
     
    Andy Medina, Mar 10, 2010
    #31
  12. RB

    RB Guest

    Oh ok, some of the bindings screens I saw were confusing since it showed the
    following (this may have been for NT-4)
    - Netbios Interface
    + Wins Client Tcp/Ip
    + NetBeui Protocol

    But I think I understand what you are saying. It appears I might have been correct
    when I thought that if I installed Netbeui then I would see the Netbios listing in the
    bindings window.
     
    RB, Mar 10, 2010
    #32
  13. RB

    RB Guest

    Yes I have already checked all of those, The Master Browser was loaded on
    both machines, Netbios was Enabled over TCP on both machines and the
    exception for File and Print sharing was checked and under
    Tools->FolderOptions->View-> the Simple file and print sharing is unchecked.
    Well I think I already did this, but just to make sure I will try that.
    Yes did this
    The only event Browser msg I get is this one: (one msg during each attempted session)
    Event ID 8033, The browser has forced an election on network
    \Device\NetBT_Tcpip_{72F9CC0C-509F-45A0-85A7-1FE1CC4F6328}
    because a master browser was stopped.

    In the ComponentServices->ServicesLocal shows that it was started (as well
    as Netbios)
    I don't know what SMB is but I can ping everything with no problem.
    Well this is the crazy part, everything works flawlessly going from desktop to laptop.
    but on the first attempt going from laptop to desktop I do get the pswd logon
    screen but the OK is grayed out and it will not do anything once I type the pswd
    in. Then after this first attempt things start to break down with inconsistent results.
    But mainly I keep getting the Access denied msg when I click on the shared location
    in My network places (before I even get the sign pswd window)

    You don't really have to try and help me with this unless you just want to since I
    believe troubleshooting this might be off topic for this group, plus I believe my Lan
    might be cursed (or foobarred ) since I have tried so many things with no results.
    I'm not sure what I will do now, maybe delete my passwords and go back to
    Simple file & print sharing which worked great albeit unsecure.
    ?? What kind of security does Windows Home Server offer ??
     
    RB, Mar 10, 2010
    #33
  14. RB

    Andy Medina Guest

    In that case you might want to try out NetBEUI. It can't hurt anything [if
    done right :D ]. From the http://www.ezlan.net/netbeui.html website
    mentioned previously: "In many cases TCP/IP is working well with the
    Internet but it is not functioning for Local File/Printer Sharing. NetBEUI
    might "Bail" out and will allow Easy Local File/Printer Sharing."


    Sorry, can't help with that since I am not familiar with Windows Home
    Server.
     
    Andy Medina, Mar 10, 2010
    #34
  15. RB

    RB Guest

    Thanks for the link and all the other information, I have learned quite a bit.
    Later....RB
     
    RB, Mar 10, 2010
    #35
  16. RB

    Andy Medina Guest

    BTW the user account passwords do NOT have to be deleted if you go back to
    Simple File and Print Sharing (SF&P). SF&P uses the Guest account *only* to
    access shared resources. No other account can be used for network/remote
    logins.

    From http://support.microsoft.com/kb/304040

    "Behavior that is affected when Simple File Sharing is turned on

    * Remote users always authenticate as the Guest account."
     
    Andy Medina, Mar 11, 2010
    #36
  17. RB

    RB Guest

    In retrospect I would like your brief input on the following.

    1. If I implement Simple file and Print Sharing, but only go in and check it enabled
    on both machines when needed, this will offer a type of security in its own, correct ?
    ( I am assuming I can do this without the trouble of a reboot)

    2. In addition to this, if I implement logon passwords, what other protection does this offer
    besides keeping physical users from accessing my computer (other than one who has pswd )
    Thanks for the confirmation. I really took off my passwords in attempt to
    get even simple file sharing working again. But alas it did not help. I read the KB
    but I have the Everyone (and all the other default) group on both machines.
    Something is really screwed since I tried to incorporate passwords. I have
    all my data files on a separate partition (on both machines) so I may just have
    to reinstall the OS and all my apps to the C: drive and start over. A good days
    work between the two of them but I am reaching the end of my rope with this.
     
    RB, Mar 11, 2010
    #37