How to disable NetBIOS on the Internet Adapter for Windows 2000/XP/2003
Traditionally Microsoft used NetBIOS (Network Basic Input/Output System), a specification created by IBM and Microsoft that allows distributed applications to access each other’s network services independent of the transport protocol used.
NetBIOS over TCP/IP (NetBT) provides a client/server communications architecture, using a protocol called Sever Message Block (SMB) to deliver, amongst other things, file and printer sharing capabilities.
NetBIOS on Microsoft Networks consists of three main components:
NetBIOS Name Service - Internet port 137 - TCP/UDP
NetBIOS Datagram Service - Internet Port 138 - UDP
NetBIOS Session Service - Internet Port 139 - TCP
In more recent versions of Windows, Microsoft has provided an additional means by which clients may access file and print resources on a LAN. This employs direct communication between client and server using SMBs over port 445.
To facilitate message passing between distributed components on a Microsoft client/server network, Microsoft uses Remote Procedure Calls (RPC). RPC uses a variety of Interprocess Communications mechanisims including NetBIOS.
Remote Procedure Call and the RPCLocator Service use port 135.
Whilst it may be appropriate to employ NetBT services on a Local Area Network (LAN) allowing these services access to the Internet could pose an extremely high security risk.
To protect your security on-line it is advisable to disable NetBIOS over TCP/IP on the Internet connection.
In Microsoft Windows:
1. Open Control Panel and select Network Connections
2. Right click on the Internet connection
3. Select the Networking tab in the configuration window
4. Select Internet Protocol (TCP/IP) and click Properties
5. Click Advanced
6. Select the WINS tab
7. Select the 'Disable NetBIOS over TCP/IP' radio button
8. Select 'OK' three times to finish.
It is also highly recommended that you block Internet access to the following ports:
RPC - 135
nbname - 137
nbdgram - 138
nbss - 139
MS-DS - 445
Please see this guide for information on how to block these ports:How To - Understanding & Creating Network Control Rules properly