Need to Help A Friend NetBIOS over TCP/IP Attacks

  RobCharles1981 23:22 PM 20 Mar 13
Locked

Hi all

Wondering if you can shed light on this one. One of my friends is having on-off problems with his computer. It's an Alienware by Dell and his O/S is Windows 7 64-bit. He's had this problem for a couple of years.

It's become apparent he's a victim of a NetBIOS attack (TCP/IP), where some random person is scanning IP and ports in order to connect to his computer.

He seems to think that this random person is using Hiren's Boot CD on his computer.

He's using a Cable Modem Connection and has tried a few routers to combat this problem but he says these attacks keep happening.

I for one looked up about this attack and it doesn't work with Windows 7, or does it? He's trying so hard to get rid of this and has frequently re-installed his O/S but the issue keeps coming back.

I'm not sure of the Security Setup he has.

I've googled on how to block this from happening and I've come up with these links:

http://support.microsoft.com/kb/313314

http://marjanrepic.wordpress.com/2011/07/05/disable-netbios-over-tcpip-in-windows-7-ent/

So how do I help him further and am I on the right lines in order to help him solve the problem?

Thanks

Rob

  Secret-Squirrel 09:07 AM 21 Mar 13

Rob, random port scanning has been going on since the Internet was invented and it's likely that at some point everyone's IP address will be probed for open ports. All routers in their default configuration will block those port scans so there's nothing to worry about. Also, as an added defence, most folks have a software firewall enabled on their PCs such as the Windows one.

What makes your friend think that a specific individual is specifically targeting his PC?

"...has tried a few routers to combat this problem but he says these attacks keep happening.....and has frequently re-installed his O/S but the issue keeps coming back...."

I think that proves the point I made in my first paragraph.

"...and am I on the right lines in order to help him solve the problem?"

If your friend doesn't need file and printer sharing with other PCs within his home then by all means turn off NetBIOS.

  mgmcc 09:10 AM 21 Mar 13

I'd suggest he goes to this site and runs the "Shields Up" test. This will show if the PC's ports are hidden from the internet. Click the option for "All Service Ports". If there are any results in red, he may need a more secure firewall installed.

  hiwatt 09:42 AM 21 Mar 13

Not meaning to hijack but I just did that test and the last part failed! It received a "ping" report from my computer. Yet a couple of weeks ago it passed? I'm using Windows 7 firewall at its default settings?

  RobCharles1981 11:43 AM 21 Mar 13

Hi Secret-Squirrel

"What makes your friend think that a specific individual is specifically targeting his PC?"

Well, from what he tells me he's traced his IP to a location, so that's how he's doing it.

"...has tried a few routers to combat this problem but he says these attacks keep happening.....and has frequently re-installed his O/S but the issue keeps coming back...."

So what you're saying here is he needs a better firewall????

"If your friend doesn't need file and printer sharing with other PCs within his home then by all means turn off NetBIOS."

So he needs to disable NetBIOS in the network settings. Would it be good to disable any appropriate Windows services too? And if so, what ones?

  Secret-Squirrel 12:57 PM 21 Mar 13

"So what you're saying here is he needs a better firewall????"

No. Apologies if I didn't make it clear, but every IP address is likely to be probed and scanned repeatedly over time. It happens all the time and there's nothing your friend can do to prevent anyone out there making those attempts.

Like I said earlier, the default configuration for all routers is to block unsolicited connections from the Internet. The PC's standard Windows Firewall (or third-party firewall) will also act as a second line of defence so your friend will be well protected from any intrusion attempts. It's unlikely that his PC's infected with anything because he's repeatedly reinstalled Windows.

From what you've said so far, it's possible that perhaps your friend had been examining his router logs too closely and giving himself nightmares.

Get your friend to follow mgmcc's advice. If the port scan doesn't find any open ports then he's not vulnerable and should stop worrying.

  RobCharles1981 15:42 PM 21 Mar 13

Thanks Secret-Squirrel

But the links I provided explain how to disable this feature and I've had other opinions elsewhere.

I will look into this further. If anyone else has anything to contribute then feel free to say so.

  Secret-Squirrel 08:37 AM 22 Mar 13

"But the links I provided explain how to disable this feature.......I will look into this further............"

To repeat what I said yesterday, if your friend has no need for Windows File & Printer Sharing then by all means disable NetBIOS on your friend's PC (using the second link you found). However, because you've said your friend is using a router, that service is not accessible from the Internet so he's already well protected.

Perhaps it would be better if your friend could post here directly.
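
An added example, not part of the original posts: one way to see what the replies above describe, namely whether NetBIOS over TCP/IP is enabled on each network adapter and whether the PC is listening on the file-and-printer-sharing ports. It uses `Get-WmiObject` and `netstat`, both present on Windows 7; the `$Disable` switch and the port descriptions are this example's own, and English-language `netstat` output is assumed.

```powershell
# Added example: audit NetBIOS over TCP/IP on this PC. Read-only unless $Disable is $true.
$Disable = $false   # assumption: set to $true in an elevated session to turn NetBIOS off

# TcpipNetbiosOptions: 0 = take the setting from DHCP, 1 = enabled, 2 = disabled
$labels = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    '{0,-45} NetBIOS over TCP/IP: {1}' -f $a.Description, $labels[[int]$a.TcpipNetbiosOptions]
    if ($Disable -and $a.TcpipNetbiosOptions -ne 2) {
        # Same change as the adapter's Advanced TCP/IP > WINS tab setting
        $rc = $a.SetTcpipNetbios(2).ReturnValue   # 0 = success, 1 = success, reboot required
        "  -> SetTcpipNetbios(2) returned $rc"
    }
}

# Ports used by NetBIOS and by Windows file and printer sharing
$watch = @{
    'UDP:137' = 'NetBIOS name service'
    'UDP:138' = 'NetBIOS datagram service'
    'TCP:139' = 'NetBIOS session service'
    'TCP:445' = 'SMB file sharing (no NetBIOS needed)'
}

# Walk netstat output and keep only bound/listening sockets on the watched ports
$found = @()
foreach ($line in (netstat -ano)) {
    if ($line -match '^\s*(TCP|UDP)\s+(\S+):(\d+)\s') {
        $proto = $Matches[1]; $local = $Matches[2]; $key = "${proto}:$($Matches[3])"
        # UDP sockets have no state column; TCP must be in LISTENING
        $listening = ($proto -eq 'UDP') -or ($line -like '*LISTENING*')
        if ($listening -and $watch.ContainsKey($key)) {
            $found += New-Object PSObject -Property @{
                Port = $key; LocalAddress = $local; Service = $watch[$key]
                OwningPid = ($line.Trim() -split '\s+')[-1]
            }
        }
    }
}

if ($found) { $found | Sort-Object Port | Format-Table Port, LocalAddress, Service, OwningPid -AutoSize }
else        { 'No NetBIOS or SMB listeners found on this PC.' }
```

A listener reported here only shows what the PC itself offers on its network interfaces; whether it can be reached from the Internet depends on the router and firewall in front of it.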

  RobCharles1981 23:18 PM 23 Mar 13

I've had an update from him.

and backing up 3TB drives don't work most time.. as the backup is larger than the free space.

this is not about data.. it's about the OS.. and Alienware has RESPAWN.. it's like recovery only better

programs won't work on most Alienware.. as it needs the respawn.. sadly this can't even be installed after you get a new drive as it requires Dell's partitions .. once those are gone there is not even WINDOWS recovery or backup no options for recovery.

He's sent me screenshots of the problem he's having and it's no virus, he says it's a "Person" on his account or computer.

He's tried blocking the appropriate ports.

"I even tried blocking ports.. but sad FACT AGAIN is.. I don't even need internet connection for them to get in"

they have the MAC address.. period.. and the BIOS id and service tag.. they even turned on the machine when no net was connected using WAKE ON LAN. (Why would they want this?)

wireless utility for Dell Intel BIOS.

it's the certs I need to back up but by then the UNKNOWN users .. (2 in this case) 1 machine 2 users have already taken over

http://i.imgbox.com/aceo4Wsi.jpg http://i.imgbox.com/abxL9psH.jpg http://i.imgbox.com/aceqvlzh.jpg http://i.imgbox.com/abiQnWzv.jpg http://i.imgbox.com/adrGGT0t.jpg

  rdave13 01:21 AM 24 Mar 13

Ah. Similar to my sis-in-law's problem with Xbox. Online gaming brings a heap load of fun.

Tell your mate to bin the online game as he's stuffed. His profile is already compromised, along with his email and bank details I wouldn't wonder.

  rdave13 01:44 AM 24 Mar 13

As for not being online for the PC to be compromised, it's only the permissions that are there. Once he connects to the net then the hacker gets in. It's some site your friend logs in, where the hacker can log in to his PC. Hence a gaming server comes to mind. He links to it and the hacker links to your friend's PC via it.


This thread is now locked and can not be replied to.
