Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User meditator
(fountain of knowledge) Thu 08-May-14 16:17:15
Print Post

Is NetBIOS Over TCP/IP still a flaw in filesharing?


[link to this post]
 
Can't remember if I've asked this question before. If so, you'll have to forgive me.

Is 'NetBIOS Over TCP/IP' still a flaw in File & Printer Sharing (F & PS) in networking? My understanding was that it definitely was, throughout the 1990s and till at least the mid 2000s. It was still being exploited by hackers, apparently, even on Windows XP machines. However, I've no idea whether, for Windows machines, Microsoft then produced a fix for it. If you google for it these days, you still turn up those early views on it, and opinions going back to about 2011 remain divided on it.

As I understand it, NetBIOS is the means for devices on a local area network to advertise their presence to other devices, and NetBIOS Over TCP/IP is then the protocol for transferring data between them, eg. files from one computer on the network to another, or a file to a shared printer on the network. NetBIOS Over TCP/IP was, and still is as far as I can see, used on both Windows machines and Macs, for both home and commercial networks.

The trouble is, I believe, that NetBIOS works over wide-area networks too, such as the Internet. So, if on the LAN you set up a number of computers to share files, the theory goes that the files become totally exposed to the outside world when you access the Internet at some other time (because both NetBIOS and F & PS are normally left permanently enabled). OK, you can get around this by reconfiguring those settings on the affected machines, but having to do and undo the settings every time that files need to be shared would obviously be a real bind.

Apparently, in the 1990s and early 2000s hackers exploited this vulnerability to a considerable degree. The response by Microsoft and others was, at the time, for users to simply turn off F & PS. However, if you do that, all filesharing becomes disabled (as then the sharing of files, whether across the LAN or across the Internet, is no longer allowed through the Windows Firewall). So, that wasn't a practical longterm solution.

The question is whether this flaw was ever fully dealt with by the major computer corporations? Given the number of home and commercial Ethernet networks that must exist these days, where filesharing must be reasonably common, is the enabling of both NetBIOS Over TCP/IP and F & PS still a serious security hazard? I'd like to know because I'm setting up a LAN at present and will want to use F & PS on an XP machine and a number of others.
Standard User XRaySpeX
(eat-sleep-adslguide) Thu 08-May-14 23:56:16
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: meditator] [link to this post]
 
Won't your LAN be protected by the router's firewall anyway? Home routers wern't so prevalent in 1990s, early 2000s.

My XP's Network Connection has no 'NetBIOS' entry at all, altho' I remember seeing it in the past, prob. on W95. Or are you saying it's a component of F&PS?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User meditator
(fountain of knowledge) Fri 09-May-14 17:40:48
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: XRaySpeX] [link to this post]
 
Yeh, if in WinXP you go into the Properties of the Local Area Network Connection you'll see:

Client For Microsoft Networks
File & Printer Sharing
QoS Packet Scheduler
TCP/IP

If you click the Properties button for TCP/IP, you'll then see the IP address configration and DNS. There's an Advanced button there too, so click on that and you'll then see several tabs. Look at what's in the WINS tab. Regardless of whether you use DHCP or fixed addresses on the LAN, NetBIOS Over TCP/IP is shown there as a necessary option. Indeed, I myself am using fixed addresses, and F & PS sharing simply won't function unless NetBIOS is enabled in that WINS tab. I'm finding that both NetBIOS and F & PS can be disabled and as a consequence the machines can still access the Internet and can still output to the printer. However, filesharing is no longer possible. Another thing to appreciate is that if you're running the Windows Firewall on the XP machine and the Firewall is correctly configured, F & PS should be an Exception (normally it's blocked by the Firewall).

I've been continuing to explore this question on the Web. Questions were being continually asked about it right up until around 2007. I came across one in 2011 too. But nobody seemed to know the real ins and outs of it.

The problem has been that NetBIOS is something that runs on WANs as well as LANs, so when machines on the LAN need to perform filesharing, F & PS has to be on and NetBIOS Over TCP/IP running. The sharing machines announce their presences using NetBIOS. However, if you subsequently access the Internet, it seems that you effectively cause the machines to also announce their presences there too!

Certainly, in the 1990s and early 2000s this was a big security flaw, and Microsoft advised users not to use F & PS sharing because of it. You'll find that these days even Macs use NetBIOS namings. On a Mac, look in the WINS tab in the Advanced button of the Network applet (manually configured) in System Preferences.

As to what then transpired is anyone's guess but I'm now of the view that this flaw must have only been a problem when we all used dial-up modems. Unless a pretty sophisticated firewall was incorporated behind the modem, machines on any LAN were wide open to this flaw. My memory's poor these days and I can't recall what was used that far back but I think a computer would have been used as the gateway device, separating off the LAN from the Internet. I think that when routers then came on the scene, the issue probably disappeared, due to the incorporation of NAT translation in routers. Does that make sense to you?

It probably wasn't until post-XP that routers became popular. Say, 2006/7. So, it all kinda fits.

With so many home and commercial LANs in operation these days around the world, I otherwise can't believe that using F & PS and NetBIOS Over TCP/IP is still a vast security loophole.


Register (or login) on our website and you will not see this ad.

Standard User XRaySpeX
(eat-sleep-adslguide) Fri 09-May-14 20:15:17
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
NetBIOS Over TCP/IP is shown there as a necessary option
Dunno about necessary! My XP has NetBIOS Default ticked - Use NetBIOS setting from DHCP. The 2 Enable/Disable NetBIOS Over TCP/IP are unticked.
In reply to a post by meditator:
I'm now of the view that this flaw must have only been a problem when we all used dial-up modems.
Exactly what I said - you now rely on router's firewall.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User Ignitionnet
(knowledge is power) Fri 09-May-14 22:46:10
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: meditator] [link to this post]
 
You shouldn't need NetBIOS. It's there to support legacy applications.

Devices can exchange files perfectly well via CIFS / SMB to TCP port 445. NetBIOS is not used to exchange the actual files.

Have your DHCP server tell devices to switch it off, they can use DNS to find one another and SMB to do the file transfers.

http://en.wikipedia.org/wiki/Server_Message_Block
http://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP#Dec...

Edited by Ignitionnet (Fri 09-May-14 22:46:38)

Standard User meditator
(fountain of knowledge) Fri 09-May-14 23:41:21
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: Ignitionnet] [link to this post]
 
I'm not using the DHCP server in the router, I'm using fixed IP addresses on the LAN.

What you suggest about DNS seems to partly work without NetBIOS, but if I turn off NetBIOS then filesharing becomes disabled.
Standard User XRaySpeX
(eat-sleep-adslguide) Sat 10-May-14 01:13:43
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: Ignitionnet] [link to this post]
 
In reply to a post by Ignitionnet:
Devices can exchange files perfectly well via CIFS / SMB to TCP port 445.
How's that translate into ordinary user GUI terms? I just see F&PS. Are you just saying that those are the underlying protocols employed?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User meditator
(fountain of knowledge) Sat 10-May-14 13:29:54
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: XRaySpeX] [link to this post]
 
XRaySpex and Ignitionnet,

The business of using alternative protocols for F & PS can develop into a hairy subject and certainly one that I don't as yet comprehend. But yes, I've read somewhere that SMB (Server Message Block Protocol) affords some interoperability between SMB and NetBIOS. SMB is used by Macs, although Macs also recognise NetBIOS device names, as I may have mentioned earlier.

Others on the Web have maintained that using something called LMHOSTS may be a feasible alternative to NetBIOS. Actually, you'll see a configuration option for LMHOSTS in that WINS tab in the Local Area Connection Properties of WinXP. When I tried to explore use of that I merely got taken to a random location on the computer, completed unassociated with networking, and had no clue what to do next.

I think that, with NetBIOS and F&PS, Ports 137 - 139 are in use, with Port 445 sometimes being specifically for F & PS. So, if you know how to do it, some improvement to the security might be achievable through using port filtering in the computers on the LAN. If, next to that WINS tab, you look in the Options tab, you'll see a configuration for TCP/IP filtering. There are three categories - TCP Ports, UDP Ports and IP Protocols. Again, I've no idea how to configure these. And whether using any of them will affect normal Internet access is unknown by me.

Of course, all of this might well prove irrelevant now. If my and others' assumption is correct, in that the router will never expose any devices on the LAN set up for file-sharing, when the Internet is accessed, then there shouldn't be anything to worry about. But that's only an assumption at present. I do still wonder, for instance, how file sharing works between remote computers, ie. from LAN to LAN, across the Internet.

Addendum: Yes Ignitionnet, those wikipedia links you've quoted are quite informative. They demonstrate also just how complex the subject can get. I have to confess that I don't grasp it all (at least, not yet). One thing mentioned in those links was a move away from NetBIOS to using DNS resolution. In that regard, I suspect that the configuration on my Windows machine is possibly not fully completed. That's to say, in my aforementioned tabs in the TCP/IP Properties I've set my router's LAN address for the DNS, but I've had no idea which address to insert in the WINS tab. (Should it be, in this scenario, the address of the computer on the LAN acting as the server for the files?). If you can offer me any advice on that I'd be grateful. Conceivably, if I can get that right, my filesharing on the LAN will then work without needing to enable NetBIOS Over TCP/IP.

Edited by meditator (Sat 10-May-14 15:50:44)

Standard User XRaySpeX
(eat-sleep-adslguide) Sat 10-May-14 20:07:10
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: meditator] [link to this post]
 
In reply to a post by meditator:
I do still wonder, for instance, how file sharing works between remote computers, ie. from LAN to LAN, across the Internet.
FTP?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User meditator
(fountain of knowledge) Sat 10-May-14 22:04:08
Print Post

Re: Is NetBIOS Over TCP/IP still a flaw in filesharing?


[re: XRaySpeX] [link to this post]
 
Good point. There are other contexts, though.
Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to