Network Basic Input/Output System, courtesy of Big Blue. A session layer API. It can bind to TCP/IP, IPX, or NetBEUI. A NetBIOS request is done via a Network Control Block (NCB). It provides session and transport services (see OSI model), but not a frame for transmission (which is provided by NetBEUI).

Almost everyone on the Internet is using TCP/IP, but they also have NetBIOS installed and running in the background, even though it is a security risk. NetBIOS by itself isn't routable, but it can be routed if it's piggybacked on top of a routable protocol like TCP/IP.

If you're not running a firewall and you're using Windows, you more than likely have NetBIOS just waiting for people to connect to you. To check your setup, visit Steve Gibson's website (http://www.grc.com) and run both the ShieldsUp! and Probe tests. In particular, look for the NetBIOS port (port 139) being open.

OK, so it's open, so what?

Anyone can run attacks on you, for example:
nbtstat -A ###.###.###.### (replace the #'s with an IP address of the remote computer)

You'll see something similar to this:


   workgroup       <00>     GROUP        Registered
   user            <20>     UNIQUE       Registered
   MAC Address = 00-FF-4E-84-99-EA

The item <20> indicates the system has File And Printer Sharing enabled.

This allows a hacker to do the following at the DOS prompt:

net view \\###.###.###.### (replace the #'s with an IP address of a remote computer)

which results in:

     Shared resources at \\###.###.###.###
     Computer Name

     Share name   Type   Used as   Comment
     ---------------------------------------------------------
     C-Drive      Disk             The C drive on my Win98 box
     HP2200       Print            HP 2200dSE printer on Win98 

     The command completed successfully.

The Disk entry shows the computer is sharing a disk under the name C-Drive. The Print entry shows the name of the shared printer. For real fun, they can connect to you using:

net use x: \\###.###.###.###\C-Drive
or
net use x: \\###.###.###.###\C$

The command completed successfully

where x: is the drive letter to map to the remote machine. Now they may have access to the hard drive, or they may have to run a password cracker for full access. Most of the time it's shared with no passwords.

They can also attach to your printer the same way, then print black pages to kill your ink or toner. There are also several exploits that can crash Windows.

As most Linux users will tell you, if you don't need something, don't install or run it. Most of the time it will end up just being a security risk with no benefits.
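
To check your own machines for the exposure described above, this added example (not part of the original writeup) parses saved nbtstat -A output and reports whether a <20> name is registered, which is the File And Printer Sharing indicator. The function names are hypothetical and the sample text is constructed from the layout shown earlier.

```python
import re

# Constructed sample in the layout shown above: name, <suffix>, type, status.
SAMPLE = """\
   workgroup       <00>     GROUP        Registered
   user            <20>     UNIQUE       Registered
   MAC Address = 00-FF-4E-84-99-EA
"""

# One name-table row, e.g. "user  <20>  UNIQUE  Registered".
ROW = re.compile(
    r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
    r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\S+)\s*$"
)
MAC = re.compile(r"MAC Address\s*=\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")


def parse_name_table(text):
    """Return (rows, mac); headers, rulers and other lines are skipped."""
    rows, mac = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["suffix"] = row["suffix"].upper()
            rows.append(row)
            continue
        m = MAC.search(line)
        if m:
            mac = m.group(1).upper()
    return rows, mac


def audit(text):
    """Summarise what the name table reveals about the host."""
    rows, mac = parse_name_table(text)
    # A registered UNIQUE <20> name means File And Printer Sharing is enabled.
    sharing = [r["name"] for r in rows
               if r["suffix"] == "20" and r["type"] == "UNIQUE"
               and r["status"] == "Registered"]
    # The GROUP <00> entry carries the workgroup name.
    groups = [r["name"] for r in rows
              if r["suffix"] == "00" and r["type"] == "GROUP"]
    return {"mac": mac, "workgroups": groups,
            "sharing_names": sharing, "file_sharing_exposed": bool(sharing)}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

If file_sharing_exposed comes back true for a machine that has no reason to share anything, turn File And Printer Sharing off or block port 139 at the firewall.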
