| VID |
28085 |
| Severity |
20 |
| Port |
137 |
| Protocol |
UDP |
| Class |
SMB |
| Detailed Description |
The NetBIOS name information has been gathered. A remote attacker could use this to gain access to sensitive information such as NetBIOS computer name, workgroup/domain name, currently logged on user name and MAC address, etc.
* References:
http://support.microsoft.com/?kbid=299977
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
To disable WINS/NetBT(NetBIOS over TCP/IP) name resolution in Windows 2000/XP/2003:
1. Click Start, point to Settings, and then click Network and Dial-up Connections.
2. Click the local area connection that you want to be statically configured, and then click Properties on the File menu.
3. Click Internet Protocol(TCP/IP), click Properties, click Advanced, and then click the WINS tab.
4. Click Disable NetBIOS over TCP/IP.
5. Click OK, click OK, and then click OK. The changes take effect immediately without rebooting the system.
For Windows VISTA, 7, 2008, 10, 2016, 2019:
1. Go to Start menu -> Control Panel -> Network and Internet -> Network and Sharing Center
2. Click the local area connection that you want to be statically configured, and then click Properties on the File menu.
3. Click Internet Protocol(TCP/IP), click Properties, click Advanced, and then click the WINS tab.
4. Click Disable NetBIOS over TCP/IP.
For Windows 8, 2012:
1. Open the Charms and select search, type Control Panel, and click Control Panel. (The focus is local computer by default)
2. Click the local area connection that you want to be statically configured, and then click Properties on the File menu.
3. Click Internet Protocol(TCP/IP), click Properties, click Advanced, and then click the WINS tab.
4. Click Disable NetBIOS over TCP/IP.
* Warning: The computer no longer listens for traffic to the NetBIOS datagram service at User Datagram Protocol (UDP) port 138, the NetBIOS name service at UDP port 137, or the NetBIOS session service at Transmission Control Protocol (TCP) port 139. Careful testing should be done before disabling NetBIOS over TCP/IP in any production environment. Programs and services that depend on NetBIOS no longer function after you disable NetBT services, so it is important that you verify that your clients and programs no longer need NetBIOS support before you disable it.
To restrict the access to this service from untrusted networks, you can also block incoming traffic on UDP port 137 on your network gateway or using the personal firewall. |
| Related URL |
CVE-1999-0621 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
