Netbios and bindiings

That explains it. As Lem pointed out, you are looking in the wrong place.
That is why I asked the questions in the order they were in. Maybe I should
have said the menu item along the *menu bar* in the first place.

"RB" <NoMail@NoSpam> wrote in message
news:(E-Mail Removed)...
>
> "Andy Medina"
>> Which of the following is true?
>> a) there is no "Advance" menu item in the Network Connections window.
>> b) there is no "Advanced Settings" item under the Advance menu item.
>> c) there is no "Adapter and Bindings" tab in the Advance Settings
>> window.
>> d) there is a "Adapter and Bindings" tab but nothing is listed.
>> Is there a "Provider Order" tab in the Advance Settings window?
> I don't know if I am allowed to post jpg attachments which I could do if I
> knew
> it was acceptable to do so. But there could be quite a few of them to
> expound
> everything. But as brief as possible this is the explained scenario:
> ControlPanel->NetworkConnections then right click on desired
> connection and choose properties, brings up a screen showing
> two tabs General and Advanced. I will tell you about the
> General tab first since I believe it expands to the area of
> question, (I will skip this particular Advanced tab till later)
> If you look at the General tab window you see in the first list
> box window my Network Adapter listing with a Configure button
> beside it. If you click the Configure button it basically covers
> driver installation or uninstalling etc.
> So back out of Configure back to the same said General Tab then
> if you look down the second list box window it has all of your
> protocols and file & print sharing services that are installed.
> If you highlite the tcp/ip protocol and click properties then you
> see a window with a General tab and a Alternate Config tab,
> Down at the bottom (of the General tab window) there is an
> Advanced button, if you click that you see an area that I believe
> is pertinant to this discussion. It has 4 tabs, IP Settings,
> DNS, WINS, and Options. If you click the WINS tab you see a window
> with a top list box where you can add WINS addresses, Below that
> you can check ENABLE LMHOSTs options. And below that is 3 options,
> 1. Default use Netbios from DHCP server
> 2. Enable Netbios over tcp/ip
> 3. Disable Netbios over tcp/ip
> There are no bindings window to be found in "ANY" of the expanded
> windows stemming from the original NetworkConnections properties
> General tab.
> So then if you look at the original NetworkConnections properties
> Advanced tab (skipped over above) then you see a windows firewall
> window with one Settings button. So clicking on the Settings button
> you see the windows Firewall window with a General tab, an Exceptions
> tab and an Advanced tab. Expanding out "all" of these none of them
> bring up "any" bindings window.

> However, you are looking in the wrong place.
Oh why the heck did they stick it up there for, that seems odd to me
given all of those menus are usually explorer generic.
Anyhow thank you !
I am not so much still sold on trying to use Netbeui (which appears to be an earlier
version of Netbios) but I still have been unable to get key information to help me
in my decision. Two things specifically,
1. The poster Jack (MS, MVP-Networking) wrote
{ If you are worried that is a good idea.
Adding NetBEUI as Sharing Protocol in WinXP:
http://www.ezlan.net/netbeui.html
}
I replied to him but he never answered. Did I misunderstand him or is he saying
he things netbuei is a good thing still ?

2. Ok say I keep netbios and I disable the ports you guys told me about .
I am concerned that if I disable them it will intefere with apps that might be
using these ports. I did a search for a way to find out who is using what and
I got the following results from netsat. I cut out all but the 3 ports spoke of.
So what is going to happen with these apps if I block these ports ?
----------------------------------------------------
netstats -a /b -n
returned this
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1368
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP [::]:135 [::]:0 LISTENING 1368
-- unknown component(s) --
toside.sys
-- unknown component(s) --
[svchost.exe]


UDP 0.0.0.0:445 *:* 4
[System]

UDP 192.168.1.2:138 *:* 4
[System]
============ALSO===
Another question when I look in the ADVANCED->bindings that you just showed
me how to view, I don't see any Netbios listed when I do have it Enabled in my TCP
properties ? What is up with that ?
And what is up with the MS TCP/IP ver 6 ? I have that in addition to the Internet TCP/IP ?

From: "RB" <NoMail@NoSpam>

>> However, you are looking in the wrong place.
| Oh why the heck did they stick it up there for, that seems odd to me
| given all of those menus are usually explorer generic.
| Anyhow thank you !
| I am not so much still sold on trying to use Netbeui (which appears to be an earlier
| version of Netbios) but I still have been unable to get key information to help me
| in my decision. Two things specifically,
| 1. The poster Jack (MS, MVP-Networking) wrote
| { If you are worried that is a good idea.
| Adding NetBEUI as Sharing Protocol in WinXP:
| http://www.ezlan.net/netbeui.html
| }
| I replied to him but he never answered. Did I misunderstand him or is he saying
| he things netbuei is a good thing still ?

| 2. Ok say I keep netbios and I disable the ports you guys told me about .
| I am concerned that if I disable them it will intefere with apps that might be
| using these ports. I did a search for a way to find out who is using what and
| I got the following results from netsat. I cut out all but the 3 ports spoke of.
| So what is going to happen with these apps if I block these ports ?
| ----------------------------------------------------
| netstats -a /b -n
| returned this
| Active Connections
| Proto Local Address Foreign Address State PID
| TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1368
| c:\windows\system32\WS2_32.dll
| C:\WINDOWS\system32\RPCRT4.dll
| c:\windows\system32\rpcss.dll
| C:\WINDOWS\system32\svchost.exe
| C:\WINDOWS\system32\ADVAPI32.dll
| [svchost.exe]

| TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
| [System]

| TCP [::]:135 [::]:0 LISTENING 1368
| -- unknown component(s) --
| toside.sys
| -- unknown component(s) --
| [svchost.exe]


| UDP 0.0.0.0:445 *:* 4
| [System]

| UDP 192.168.1.2:138 *:* 4
| [System]
| ============ALSO===
| Another question when I look in the ADVANCED->bindings that you just showed
| me how to view, I don't see any Netbios listed when I do have it Enabled in my TCP
| properties ? What is up with that ?
| And what is up with the MS TCP/IP ver 6 ? I have that in addition to the Internet
| TCP/IP ?


The fist 1024 TCP and UDP ports are the oldest and most standardized protocols. TCP/UDP
ports 135 ~ 139 and 445 are completely safe to blockon any FireWall Appliance and NAT
Routers. Blocking them will only enhance your security. Having them blocked will not
block some unknow application or content.

The LAN side of the NAT Router you have is your enclave. You can safely have all network
protocols at their default and move the security from each PC to that of the perimeter.
Blocking TCP/UDP ports 135 ~ 139 and 445 on the LAN/WAN barrier means you SOHO LAN is
safer on the Internet and all nodes on the LAN side can communicate fully without protocol
settng hinderence.

There are two levels of concern on your LAN side
wired
wireless

Unless somone has physical access to your CAT-5 Ethernet LAN, no one is going to be
tapping your LAN through the Ethernet topolgy.

Wireless is different. You have to take further steps. Like I mentioned,
* Use a strong PreShared authentication key
* WPA2
* USE AES encryption
* Choice to use MAC Authentication (You tell the Router what MAC addresses can use
WireLess and then thy are the only MAC addreses that can use WiFi on your SOHO LAN)

Then the Wireles has been secured as best you could.

Once you have done that, there is NO NEED to fuss with "NetBIOS over IP" for any nodes on
the LAN side.

To further enhance your security I suggested,
* Disable all remote management protocols to the Router
* Disable WAN ICMP and UDP traceroute capabilities.

BTW: Some advocate blocking TCP port 4567
http://en.wikipedia.org/wiki/TR-069

I block it on my FiOS Router.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>"David H. Lipman" wrote in message
> TCP/UDP ports 135 ~ 139 and 445 are completely safe to blockon any FireWall Appliance
>and NAT Routers. Blocking them will only enhance your security. Having them blocked will not
> block some unknow application or content.

Ok this is good information. Thank you.

> * USE AES encryption

My router offers AES, but when I look at my laptop's broadcom wireless I don't see AES as an
offering, but only shows WPA TKIP ? Is this capability dependent on both the router and the
wireless node drivers ?

> * Choice to use MAC Authentication (You tell the Router what MAC addresses can use
> WireLess and then thy are the only MAC addreses that can use WiFi on your SOHO LAN)

Well I thought about this but then I read it is easy for hackers to clone a MAC so is it really that
effective ?

> Once you have done that, there is NO NEED to fuss with "NetBIOS over IP" for any nodes on
> the LAN side.

Whoa wait a minute you are loosing me here. I still need to see my nodes within my workgroup
how will I be able to do this without Netbios ?

From: "RB" <NoMail@NoSpam>


>>"David H. Lipman" wrote in message
>> TCP/UDP ports 135 ~ 139 and 445 are completely safe to blockon any FireWall Appliance
>>and NAT Routers. Blocking them will only enhance your security. Having them blocked
>>will not
>> block some unknow application or content.

| Ok this is good information. Thank you.

>> * USE AES encryption

| My router offers AES, but when I look at my laptop's broadcom wireless I don't see AES
| as an
| offering, but only shows WPA TKIP ? Is this capability dependent on both the router
| and the
| wireless node drivers ?


The notebook will sync wirth the WireLess Router's encryption.



>> * Choice to use MAC Authentication (You tell the Router what MAC addresses can use
>>
| WireLess and then thy are the only MAC addreses that can use WiFi on your SOHO LAN)

|
| Well I thought about this but then I read it is easy for hackers to clone a MAC so is
|
| it really that effective ?

It can be done but NOT easily.

>> Once you have done that, there is NO NEED to fuss with "NetBIOS over IP" for any nodes
>> on the LAN side.

| Whoa wait a minute you are loosing
| me here. I still need to see my nodes within my
| workgroup
| how will I be able to do
| this without Netbios ?


Leave NetBIOS alone !
You want to play with unbinding NetBIOS from IP. I've been trying to tell you why you
don't need to !




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>Leave NetBIOS alone !
>You want to play with unbinding NetBIOS from IP. I've been trying to tell you why you
>don't need to !

Ok I sense I misunderstood your meaning when you said

> "NO NEED to fuss with NetBIOS over IP for any nodes on the LAN side".

I thought you meant I did not "need" Netbios enabled, but rather you meant if I disabled
said ports then I did not need to unbind Netbios,....correct ?
Which brings me to another point of confusion, ( I understand now that I don't need to
worry about the unbinding ) but I don't understand why netbios is not showing up in
the bindings window ? I do have it enabled over TCP/IP so shouldn't it be showing up?

"RB" <NoMail@NoSpam> wrote in message
news:(E-Mail Removed)...
>> However, you are looking in the wrong place.
> Oh why the heck did they stick it up there for, that seems odd to me
> given all of those menus are usually explorer generic.
> Anyhow thank you !
> I am not so much still sold on trying to use Netbeui (which appears to be
> an earlier
> version of Netbios) but I still have been unable to get key information
> to help me
> in my decision. Two things specifically,
> 1. The poster Jack (MS, MVP-Networking) wrote
> { If you are worried that is a good idea.
> Adding NetBEUI as Sharing Protocol in WinXP:
> http://www.ezlan.net/netbeui.html
> }
> I replied to him but he never answered. Did I misunderstand him or is he
> saying
> he things netbuei is a good thing still ?

NetBEUI is an extention of NetBIOS, it is not an earlier version of
Netbios.
NetBEUI = NetBIOS Extended User Interface

From the url above:

"NetBEUI has less overhead, so it is very efficient in small networks (less
then 10 computers), and it is actually faster then TCP/IP.

However on large Networks it produces the opposite effect, and might "bog"
down the Network.

Networking is dominated by the Professional IT people and they do not like
NetBEUI as a result you will always hear negative remarks when NetBEUI is
mentioned.

Because it is a problem on large Networks, and it is Not Routable, Microsoft
is phasing it out.

It is included on Windows XP CD ROM, but Microsoft is Not supporting it
anymore. However there is nothing to support in NetBEUI when it used in a
simple peer to peer small Network. "


Network pros don't like it because they usually work with MANY machines on
the LAN. And it WILL "bog" down the network because it is a VERY
talkative/noisy protocol. The protocol itself is fine for small networks,
but the mantra is DON'T install any more network protocols than neccessary
[AKA the KISS principle ]. If you take the precautions folks on here have
been suggesting, there is no need for NetBEUI. It will not be the end of the
world if you decide to use NetBEUI. But if you do, then you have to be sure
NetBEUI is the ONLY protocol that is bound to File and Printer Sharing and
for Client for Microsoft Networks. So you have to manage two protocols for
each machine's network adapter, but that's not as hard to do as it sounds.
Also, websites that suggest using NetBEUI state there are certain situations
where NetBEUI would be a good option, but they do not flatly state to use
NetBEUI as a substitute for NetBIOS/TCP in all situations.

More on NetBIOS and NetBEUI at http://en.wikipedia.org/wiki/Netbios



> 2. Ok say I keep netbios and I disable the ports you guys told me about .
> I am concerned that if I disable them it will intefere with apps that
> might be
> using these ports. I did a search for a way to find out who is using what
> and
> I got the following results from netsat. I cut out all but the 3 ports
> spoke of.
> So what is going to happen with these apps if I block these ports ?

You will be blocking the ports at the router's firewall not on the machine's
firewall. If an app uses those ports through the *router* (IOW [LAN ethernet
port <=> WAN ethernet port] and NOT through the built-in *switch* which is
[LAN ethernet port <=> LAN ethernet port]) that would be bad and is exactly
what you are trying to prevent. The machines on the LAN will still see and
use those ports. Think of the router as having two items (a switch and
router, a wireless router adds a radio/hub to the mix) that are in one box.
The router's firewall primarily affects traffic going through the *router*
(that is between a LAN ethernet port to the WAN ethernet port) and usually
does not affect traffic going through the *switch* (that is between a LAN
ethernet port to another LAN ethernet port).



> ----------------------------------------------------
[snip]
> ============ALSO===
> Another question when I look in the ADVANCED->bindings that you just
> showed
> me how to view, I don't see any Netbios listed when I do have it Enabled
> in my TCP
> properties ? What is up with that ?

From http://en.wikipedia.org/wiki/Netbeui (which actually redirects to
http://en.wikipedia.org/wiki/Netbios)
"As strictly an API, NetBIOS is not a networking protocol." So you will not
see it listed there.



> And what is up with the MS TCP/IP ver 6 ? I have that in addition to the
> Internet TCP/IP ?

IPv6 uses 128-bit addresses while IPv4 uses only 32 bits. The address space
for IPv4 is pretty much exhausted, so IPv6 will create a much much bigger
address space for all the devices needing an IP address. Other enhancements
were also made to the protocol. More on IPv6 is at
http://en.wikipedia.org/wiki/IPv6 and at
http://technet.microsoft.com/en-us/n.../bb530961.aspx

BTW IPv6 is not MS-centric although MS might have put a twist or two into
it's implementation. IPv6 was defined in December 1998 by the Internet
Engineering Task Force (IETF) with the publication of an Internet standard
specification, RFC 2460

Have we made your head swim yet?

"RB" <NoMail@NoSpam> wrote in message
news:(E-Mail Removed)...
> >Leave NetBIOS alone !
>>You want to play with unbinding NetBIOS from IP. I've been trying to tell
>>you why you
>>don't need to !
>
> Ok I sense I misunderstood your meaning when you said
>
>> "NO NEED to fuss with NetBIOS over IP for any nodes on the LAN side".
>
> I thought you meant I did not "need" Netbios enabled, but rather you meant
> if I disabled
> said ports then I did not need to unbind Netbios,....correct ?

NetBIOS is not "bound" to anything. It is simply enabled over TCP/IP.
That is why you do not see it listed under the bindings dialog box. See
below.


> Which brings me to another point of confusion, ( I understand now that I
> don't need to
> worry about the unbinding ) but I don't understand why netbios is not
> showing up in
> the bindings window ? I do have it enabled over TCP/IP so shouldn't it be
> showing up?

From http://en.wikipedia.org/wiki/Netbeui (which actually redirects to
http://en.wikipedia.org/wiki/Netbios)
"As strictly an API, NetBIOS is not a networking protocol." So you will not
see it listed there.

> Have we made your head swim yet?

Actually no, although there has been a diverse spectrum of opinion replied.
I think I have learned enough from everyone (especially you and David ) to
be able to intelligently work with the process now. This last reply of yours
really elaborated and nailed down a lot of loose ends in my mind. I feel
now (given the small size of my Lan) that I could toss the dice and go with
either Netbios or Netbeui and have good security results.....but
my biggest problem (that has spurred me into all of this ) is the fact that
as soon as I tried to move from a ( no logon password user accts using
"simple file & print sharing" ) scenario to a more secure password logon
user accts I have been unable (to keep an off topic troubleshooting story
brief ) to get all of my nodes to see each other. I have tried until I was exhausted
with conversing with support groups but I just could not get it to work.
So I then started to think of trying Netbeui hoping it might work when I
could not get the Netbios over tcp/ip to function.
I now am wondering if maybe Windows Home Server might be a solution.
What are the security aspects of that ?
Believe me I have done all sorts of suggested commands from ipconfig, ping,
netstat, and net etc to try and track down why it won't work but finally I just
gave up on it. It would appear that MS if more concerned with brushing
over security (when they add the "recommended" to the Simple file sharing
check box) than they are making password peer to peer lans work under
password logons.

Getting computers to see each other on the LAN can be a headache. Usually
the problem with not being able to see computers in My Network Places is
because of Master Browser problems, NetBIOS over TCP disabled, or no
firewall exception for File and Printer sharing.

Some items you may want to go over:

1) be sure you (re)share the items after you switch from simple file
sharing. Even if you had/have them shared while under simple file sharing,
go through and share them again. You have to have at least one item shared
for the computer to show up.

2) make sure File and Printer sharing is checked as an exception in the
firewall of EVERY computer on the LAN. Look in the event logs (can't
remember which category, apps or system) and if you see any "could not
obtain master browse list from [computer name]" (can't remember the exact
wording) then that computer has the exception unchecked. All it takes is one
computer with the unchecked exception to mess everything up. It might also
have the NetBIOS over TCP disabled.

3) make sure the Computer Browser service is running on ALL computers.

You might also try the SMB method (for troubleshooting) if the computer is
not showing up. First make sure you can ping the computer in question. Then
go to Start/Run and enter "\\[IP address of computer in question]" (without
the quotes) and see if the network login screen comes up. I get to shared
resources that way even if the computer with the shared resources does not
show up in My Network Places. And this is the only way to get to shared
resources if the NetBIOS over TCP is disabled since you will not be able to
see the computer in My Network Places.



"RB" <NoMail@NoSpam> wrote in message
news:(E-Mail Removed)...
>> Have we made your head swim yet?
>
> Actually no, although there has been a diverse spectrum of opinion
> replied.
> I think I have learned enough from everyone (especially you and David ) to
> be able to intelligently work with the process now. This last reply of
> yours
> really elaborated and nailed down a lot of loose ends in my mind. I feel
> now (given the small size of my Lan) that I could toss the dice and go
> with
> either Netbios or Netbeui and have good security results.....but
> my biggest problem (that has spurred me into all of this ) is the fact
> that
> as soon as I tried to move from a ( no logon password user accts using
> "simple file & print sharing" ) scenario to a more secure password logon
> user accts I have been unable (to keep an off topic troubleshooting story
> brief ) to get all of my nodes to see each other. I have tried until I was
> exhausted
> with conversing with support groups but I just could not get it to work.
> So I then started to think of trying Netbeui hoping it might work when I
> could not get the Netbios over tcp/ip to function.
> I now am wondering if maybe Windows Home Server might be a solution.
> What are the security aspects of that ?
> Believe me I have done all sorts of suggested commands from ipconfig,
> ping,
> netstat, and net etc to try and track down why it won't work but finally I
> just
> gave up on it. It would appear that MS if more concerned with brushing
> over security (when they add the "recommended" to the Simple file sharing
> check box) than they are making password peer to peer lans work under
> password logons.
>