Friday, December 16, 2011

Restrict Anonymous On NetBIOS


In previous posts we saw how to enumerate NetBIOS manually and then with tools. Here we look at how to counter NetBIOS enumeration and null session attacks on a system. Null session attacks can be avoided by restricting anonymous connections over NetBIOS, which can be done in the following manner.

Press “Win+R” to bring up the Run window, type “regedit” in it and open the Registry Editor. Alternatively, you can type “regedit” at the command prompt to open the Registry Editor.

For Windows XP/2000, create the following registry value:
HKLM\System\CurrentControlSet\Control\LSA\RestrictAnonymous=2

Now reboot your system.

For Windows XP Professional and Windows 2003:
HKLM\System\CurrentControlSet\Control\LSA\RestrictAnonymous=1
HKLM\System\CurrentControlSet\Control\LSA\RestrictAnonymousSAM=1

Now reboot your system.

For Windows NT 4.0 or later:
HKLM\System\CurrentControlSet\Control\LSA\RestrictAnonymous=1

Now reboot your system.

Next, remove the hidden IPC$ share and stop the SMB service (on Windows this is the Server service). To perform these tasks, open a command prompt and type:

C:\>net share IPC$ /delete
C:\>net stop server

Now configure your firewall to refuse connection requests over NetBIOS by blocking ports 135, 137, 138 and 139.
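
The registry values listed above can be checked before they are changed. The following PowerShell script is an added example, not part of the original post: it assumes PowerShell 2.0 or later is installed and an elevated prompt, and the -OsGroup names are hypothetical labels for the three OS groups given above.

```powershell
# Added example: audit (and with -Apply, set) the LSA anonymous-access
# values named in this post. Without -Apply nothing is written.
param(
    # Hypothetical labels, one per OS group listed in the post.
    [ValidateSet('XP2000', 'XPPro2003', 'NT4')]
    [string]$OsGroup = 'XPPro2003',
    [switch]$Apply
)

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Desired values exactly as the post lists them for each OS group.
$desired = @{
    'XP2000'    = @{ RestrictAnonymous = 2 }
    'XPPro2003' = @{ RestrictAnonymous = 1; RestrictAnonymousSAM = 1 }
    'NT4'       = @{ RestrictAnonymous = 1 }
}

$changed = $false
foreach ($name in $desired[$OsGroup].Keys) {
    $want = $desired[$OsGroup][$name]

    # A value that does not exist yields no object instead of an error.
    $item = Get-ItemProperty -Path $lsaKey -Name $name -ErrorAction SilentlyContinue
    $have = if ($item) { $item.$name } else { $null }

    if ($have -eq $want) {
        Write-Output "OK       $name = $have"
        continue
    }

    $shown = if ($null -eq $have) { '<not set>' } else { $have }
    Write-Output "MISMATCH $name = $shown (expected $want)"

    if ($Apply) {
        # -Force creates the DWORD value or overwrites an existing one.
        New-ItemProperty -Path $lsaKey -Name $name -Value $want `
            -PropertyType DWord -Force | Out-Null
        Write-Output "SET      $name = $want"
        $changed = $true
    }
}

if ($changed) { Write-Output 'Reboot for the new values to take effect.' }
```

Run it once without -Apply to record the current state, then again with -Apply to write the values for the chosen OS group.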
