Restrict Anonymous Over NetBIOS

In previous posts we saw how we can enumerate NetBIOS manually then by using tools. Here we will have our look on how we can counter NetBIOS Enumeration and null session attacks on system. Null session attacks can be avoided by restricting anonymous connections over NetBIOS. It can be done in following manner.
Press “Win+R”, a “Run Window” will come up, type “regedit” in it and open registry editor, alternatively you can type “regedit” on command prompt and access registry editor.
For Windows XP/2000 create following registry key:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=2
Now reboot your system.
For Windows XP Professional and Windows 2003:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=1
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymousSAM=1
Now reboot your system.
For Windows NT 4.0 or further:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=1
Now reboot system.
Further remove hidden share IPC$, stop SMB services, to perform these tasks open command prompt and type,
C:\>net share IPC$/delete
C:\>net stop SMB
Now configure your firewall to disallow services asking for connection over NetBIOS by blocking ports 135, 137, 138, 139.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s