How to disable NetBIOS on the Internet Adapter for Windows 2000/XP/2003

Traditionally Microsoft used NetBIOS (Network Basic Input/Output System), a specification created by IBM and Microsoft that allows distributed applications to access each other’s network services independent of the transport protocol used.

NetBIOS over TCP/IP (NetBT) provides a client/server communications architecture, using a protocol called Server Message Block (SMB) to deliver, amongst other things, file and printer sharing capabilities.

NetBIOS on Microsoft Networks consists of three main components:

NetBIOS Name Service - Internet port 137 - TCP/UDP
NetBIOS Datagram Service - Internet port 138 - UDP
NetBIOS Session Service - Internet port 139 - TCP

In more recent versions of Windows, Microsoft has provided an additional means by which clients may access file and print resources on a LAN. This employs direct communication between client and server using SMBs over port 445.

To facilitate message passing between distributed components on a Microsoft client/server network, Microsoft uses Remote Procedure Calls (RPC). RPC uses a variety of Interprocess Communications mechanisms including NetBIOS.

Remote Procedure Call and the RPCLocator Service use port 135.

Whilst it may be appropriate to employ NetBT services on a Local Area Network (LAN), allowing these services access to the Internet could pose an extremely high security risk.

To protect your security on-line it is advisable to disable NetBIOS over TCP/IP on the Internet connection.

In Microsoft Windows:

  1. Open Control Panel and select Network Connections
  2. Right click on the Internet connection
  3. Select the Networking tab in the configuration window
  4. Select Internet Protocol (TCP/IP) and click Properties
  5. Click Advanced
  6. Select the WINS tab
  7. Select the ‘Disable NetBIOS over TCP/IP’ radio button
  8. Select ‘OK’ three times to finish.

It is also highly recommended that you block Internet access to the following ports:

RPC - 135
nbname - 137
nbdgram - 138
nbss - 139
MS-DS - 445

Please see this guide for information on how to block these ports:

How To - Understanding & Creating Network Control Rules properly
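To check the result of the steps and the port list above, the following added example (not part of the original guide) parses `netstat -an` output and reports which of the five ports are still listening on the Internet adapter's address or on the wildcard address 0.0.0.0. The netstat text is a constructed sample, 203.0.113.10 and 192.168.1.5 are placeholder addresses for the Internet and LAN adapters, and the function name is hypothetical.

```python
import re

# Ports the page recommends blocking from the Internet, with the page's labels.
RISKY_PORTS = {135: "RPC", 137: "nbname", 138: "nbdgram", 139: "nbss", 445: "MS-DS"}

# Constructed sample of `netstat -an` output; 203.0.113.10 stands in for the
# Internet adapter's address and 192.168.1.5 for the LAN adapter's.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1042      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.5:137        *:*
  UDP    203.0.113.10:137       *:*
  UDP    203.0.113.10:138       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")


def exposed_listeners(netstat_text, internet_ip):
    """Return sorted (proto, local_ip, port, label) for risky listeners
    reachable through the adapter that owns internet_ip."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, local_ip, port, _foreign, state = m.groups()
        port = int(port)
        if port not in RISKY_PORTS:
            continue
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        # A wildcard bind (0.0.0.0) is reachable on every adapter.
        if local_ip in (internet_ip, "0.0.0.0"):
            found.add((proto, local_ip, port, RISKY_PORTS[port]))
    return sorted(found, key=lambda r: (r[2], r[0], r[1]))


if __name__ == "__main__":
    for proto, ip, port, label in exposed_listeners(SAMPLE_NETSTAT, "203.0.113.10"):
        print(f"{proto:<3} {ip}:{port:<5} {label}")
```

In the sample, removing the 137 to 139 rows for the Internet address still leaves 135 and 445 listed because they are bound to 0.0.0.0, which is why those ports need a blocking rule as well.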