CompTIA
Exam Vouchers
Save money on CompTIA exams
| Question of the day
Sign up to receive
interactive practice questions
for MCSE, CompTIA
Cisco and other exams
| TestKing
Get MCSE, MCSD, CCNA, CCNP,A+, N+ and many more | * ExamSheets *
Guide for Success!
Actual Questions & Answers
MCSE, MCSD, A+ ,CCNA, CCNP
Oracle 8i, Oracle 9i Online practice tests
Certification sites Online university Online college Online education Distance learning Software forum Server administration forum Programming resources
|
|  |
Bill K.
Guest
Registered: Not Yet
Location:
Country:
State:
Certifications:
Working on:
Total Posts: N/A
|
|
 WINS and NetBIOS
Greetings,
Am going through Mr. Myers book "Certification passport Network +" as prep
for the Network + exam. Have a few questions/confusions about WINS and
NetBIOS.
1. What applications or functions specifically use NetBIOS?
2. Does NetBIOS have to be enabled for a LAN to work, or if all the
computers are running modern Operating Systems can it be disabled?
3. Is NetBIOS able to be routed over the internet using TCP/IP? If so what
applications would do so and/or what would be the purpose in doing this?
4. How come a computer is vulnerable to NetBIOS attacks over the internet
if NetBIOS is only used by Microsoft applications on a LAN. Wouldn't a
hacker need to know a computer's name as well as IP address to access the
NetBIOS?
Thanks in advance for your help.
Sincerely,
Bill K.
Report this post to a moderator
|
|
 08-10-03 08:25 AM
|
|
Steven Umbach
Guest
Registered: Not Yet
Location:
Country:
State:
Certifications:
Working on:
Total Posts: N/A
|
|
|
Re: WINS and NetBIOS
"Bill K." <b.kangas@comcast.net> wrote in message
news:CkmZa.75145$cF.24010@rwcrnsc53...
> Greetings,
>
> Am going through Mr. Myers book "Certification passport Network +" as prep
> for the Network + exam. Have a few questions/confusions about WINS and
> NetBIOS.
>
> 1. What applications or functions specifically use NetBIOS?
Any application, process, or service that relies on identifiying computer
by their netbios "computer" name rather than their fully qualified domain name.
Netbios names are used by Windows 95/98/NT for lan communications and can be
found in wins database or by using nbtstat command. Netbios relies on
broadcasting if there is no wins server.
>
>
> 2. Does NetBIOS have to be enabled for a LAN to work, or if all the
> computers are running modern Operating Systems can it be disabled?
Only Windows 2000/XP/2003 can operate in a netbios free envionment if no
applications or processes require it and you do not plan on using Network Places
anymore. Those operating systems rely on dns for name resolution and resource
locating. In reality, most everyone still uses netbios over tcp/ip.
>
>
> 3. Is NetBIOS able to be routed over the internet using TCP/IP? If so what
> applications would do so and/or what would be the purpose in doing this?
Netbios is not a network protocol. Netbeui which also uses netbios is a
network protcol that can not be routed. Tcp/ip can of course be routed, but you
will not be able to use netbios names to locate resources on the internet. The
internet is a heiarchchy of domains. In a website address like
www.windowsupdate.com. The www is actually a host name of a computer [or
cluster] running IIS or Apache most likely.
>
>
> 4. How come a computer is vulnerable to NetBIOS attacks over the internet
> if NetBIOS is only used by Microsoft applications on a LAN. Wouldn't a
> hacker need to know a computer's name as well as IP address to access the
> NetBIOS?
Netbios is used by file and print sharing. File and print sharing should
never be enabled on a network adapter connected directly to the internet - one
that would have a "public" address. A port scan of a computer connected to the
interenet that had file and print sharing enabled would show at least port 139
and maybe port 445 open. You can check your own computer by going to
http://scan.sygate.com/ . A hacker would consider those open ports as "the
mother lode". You do not need to know the netbios name to access. You just try
to connect like you do on the lan using unc and the computers ip address such as
\\123.456.789.001 and you will see the shares available!. Or go for the gusto
and try the administrative share - \\123.456.789.001\c$ . You of course will
need a user account and password for access, unless the guest account is
enabled - then you are in if that is the case! Most people do not have account
lockout enabled and maybe even a blank password on the administrators account.
You can also create a "null" session to port 139 [ net use
\\123.456.789.001\IPC$ "" /U:"" ] and extract the user and group names to make
the attack easier. A properly configured firewall will block access to netbios
vulnerabilities and there are pleny of good free ones available. --- Steve
>
>
> Thanks in advance for your help.
>
>
>
> Sincerely,
>
>
>
> Bill K.
>
>
Report this post to a moderator
|
|
|
08-11-03 04:24 AM
|
|
|
Featured site: MCSE, MCSD, CompTIA, CCNA training videos
Forum Rules:
Who Can Read The Forum? Any registered user or guest.
Who Can Post New Topics? Any registered user.
Who Can Post Replies? Any registered user.
Changes: Messages can be edited by their author.
Posts: HTML code is OFF. Smilies are ON. vB code is ON. [IMG] code is OFF. |
|
ExamNotes forum archive
|
