Comodo Firewall and NetBIOS

Hi. I have conducted some penetration testing with my machine to see
if it has NetBIOS listening to the internet. After the test, I was informed that
All attempts to get any information from your computer have FAILED. (This is
very uncommon for a Windows networking-based PC.)
” (which
indeed is good news for me).

However, what I do not know is whether Comodo Firewall has blocked this or it was
sometihng else that did.

Does Comodo Firewall block or protect in any way the NetBios information or
could this be just a lucky setting somewhere in the OS / router ?

Thank you in advance :smiley:

Depends on how you have it setup, but generally yes it should limit netbios to local network by default if ‘automatically detect networks’ is checked and you created a trusted network.

Hello

I can’t figure out why incoming Netbios packets from a local Linux host running Samba aren’t let through.

The Linux host is configured as WINS server + master browser, but since Netbios packets can’t get in, running “net view” on the local Windows host returns “System error 6118 has occurred. The list of servers for this workgroup is not currently available”.

Any idea what I’m doing wrong?

Thank you.

In addition to global rules you need to make the appropriate application rules. In this case double-click the Windows System Applications rule under firewall applications rules and add a new rule to allow in where source address is network zone home network.

Thanks for the tip. I find it odd that the above wouldn’t be enough.

Without knowing what I’m doing, if I choose…
Name = Windows System Applications
Leave “Use a Custom Ruleset”
Click on the up arrow > Add
Allow, UDP, In, give it a name, Source Address = Network Zone = Home 192.168.0.0/255.255.255.0
OK
OK
=> “Windows System Applications - This entry already exists.”


Edit: Found it.

You have to double-click on an existing application in the list, before appending a new rule.

Thank you!

False joy: CIS is again blocking incoming NetBIOS packets, and “net view” no longer displays the list of hosts :-/

https://s14.postimg.org/u5svz4zg1/Comodo_CIS_Firewall_Netbios_Still_Blocks_Incomin.png

However, I notice it mentions a System application, so checked it out in the Application Rules section:

https://s16.postimg.org/dssf54zc5/Comodo_CIS_Firewall_Application_Rule_System.png

Do settings in Application Rules have higher priority than those in Global Rules? What should I try?

Thank you.

The block rule should be the last one on the list.
First you have the allow rules, then the block rule to block everything else

Thanks for the info.

This is obviously the first time I’m messing with CIS’ firewall rules. I’m surprised that 1) the System application starts with a Ban rule at the top and 2) this item didn’t cause any other issue considering System is not just a user application.

Until I ran “net view” after configuring a Samba server, I had no connection problem. Weird ???