DEVIL'S BLOG ON SECURITY

A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES

Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials

Home   ||   See All Tutorials  ||   Products  ||   About This Blog   ||  Subscribe To RSS Feed


Join facebook group THE HACKER DEVIL

Restrict Anonymous On NetBIOS

Restrict Anonymous On NetBIOS

In previous posts we saw how we can enumerate NetBIOS manually then by using tools. Here we will have our look on how we can counter NetBIOS Enumeration and null session attacks on system. Null session attacks can be avoided by restricting anonymous connections over NetBIOS. It can be done in following manner.
Press “Win+R”, a “Run Window” will come up, type “regedit” in it and open registry editor, alternatively you can type “regedit” on command prompt and access registry editor.

For Windows XP/2000 create following registry key:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=2
Now reboot your system.
For Windows XP Professional and Windows 2003:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=1
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymousSAM=1
Now reboot your system.
For Windows NT 4.0 or further:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=1
Now reboot system.
Further remove hidden share IPC$, stop SMB services, to perform these tasks open command prompt and type,

C:\>net share IPC$/delete
C:\>net stop SMB
Now configure your firewall to disallow services asking for connection over NetBIOS by blocking ports 135, 137, 138, 139.

Posted by Nrupen Masram
Labels: , ,

Free Ethical Hacking Training | Learn Ethical Hacking Online Free | Learn How To Hack | Hack Counter Hack | Ethical Hacking Tutorials | Devil's Blog On Security