Need to Help A Friend NetBIOS over TCP/IP Attacks


RobCharles1981

Likes # 0

Hi all

Wondering if you can shed light on this one. One of my friends is having on-off problems with his computer. It's an Alienware by Dell and his O/S is Windows 7 64-bit. He's had this problem for a couple of years.

It's become apparent he's a victim of a NetBIOS attack (TCP/IP), where some random person is scanning IP and ports in order to connect to his computer.

He seems to think that this random person is using Hiren's Boot CD on his computer.

He's using a cable modem connection and has tried a few routers to combat this problem, but he says these attacks keep happening.

I for one looked up about this attack and it doesn't work with Windows 7. Or does it? He's trying so hard to get rid of this and has frequently re-installed his O/S, but the issue keeps coming back.

I'm not sure of the Security Setup he has.

I've googled on how to block this from happening and I've come up with this link:

http://support.microsoft.com/kb/313314

http://marjanrepic.wordpress.com/2011/07/05/disable-netbios-over-tcpip-in-windows-7-ent/

So how do I help him further and am I on the right lines in order to help him solve the problem?

Thanks

Rob

Secret-Squirrel

Likes # 0

Rob, random port scanning has been going on since the Internet was invented and it's likely that at some point everyone's IP address will be probed for open ports. All routers in their default configuration will block those port scans so there's nothing to worry about. Also, as an added defence, most folks have a software firewall enabled on their PCs such as the Windows one.

What makes your friend think that a specific individual is specifically targeting his PC?

"...has tried a few routers to combat this problem but he says these attacks keep happening.....and has frequently re-installed his O/S but the issue keeps coming back...."

I think that proves the point I made in my first paragraph.

"...and am I on the right lines in order to help him solve the problem?"

If your friend doesn't need file and printer sharing with other PCs within his home then by all means turn off NetBIOS.

mgmcc

Likes # 0

I'd suggest he goes to this site and runs the "Shields Up" test. This will show if the PC's ports are hidden from the internet. Click the option for "All Service Ports". If there are any results in red, he may need a more secure firewall installed.

hiwatt

Likes # 0

Not meaning to hijack, but I just did that test and the last part failed! It received a "ping" report from my computer. Yet a couple of weeks ago it passed? I'm using Windows 7 firewall at its default settings?

RobCharles1981

Likes # 0

Hi Secret-Squirrel

"What makes your friend think that a specific individual is specifically targeting his PC?"

Well, from what he tells me he's traced his IP to a location, so that's how he's doing it.

"...has tried a few routers to combat this problem but he says these attacks keep happening.....and has frequently re-installed his O/S but the issue keeps coming back...."

So what you're saying here is he needs a better firewall????

"If your friend doesn't need file and printer sharing with other PCs within his home then by all means turn off NetBIOS."

So he needs to disable NetBIOS in the network settings. Would it be good to disable any appropriate Windows services too? And if so, what ones?

Secret-Squirrel

Likes # 0

"So what you're saying here is he needs a better firewall????"

No. Apologies if I didn't make it clear, but every IP address is likely to be probed and scanned repeatedly over time. It happens all the time and there's nothing your friend can do to prevent anyone out there making those attempts.

Like I said earlier, the default configuration for all routers is to block unsolicited connections from the Internet. The PC's standard Windows Firewall (or third-party firewall) will also act as a second line of defence so your friend will be well protected from any intrusion attempts. It's unlikely that his PC's infected with anything because he's repeatedly reinstalled Windows.

From what you've said so far, it's possible that perhaps your friend has been examining his router logs too closely and giving himself nightmares.

Get your friend to follow mgmcc's advice. If the port scan doesn't find any open ports then he's not vulnerable and should stop worrying.

RobCharles1981

Likes # 0

Thanks Secret-Squirrel

But the links I provided explain how to disable this feature and I've had other opinions elsewhere.

I will look into this further. If anyone else has anything to contribute then feel free to say so.

Secret-Squirrel

Likes # 0

"But the links I provided explain how to disable this feature.......I will look into this further............"

To repeat what I said yesterday, if your friend has no need for Windows File & Printer Sharing then by all means disable NetBIOS on your friend's PC (using the second link you found). However, because you've said your friend is using a router, that service is not accessible from the Internet so he's already well protected.

Perhaps it would be better if your friend could post here directly.

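Added example, not part of any post in this thread: one way to confirm what disabling NetBIOS over TCP/IP actually changes, by parsing `netstat -an` output for listeners on the NetBIOS ports (UDP 137, UDP 138, TCP 139). The sample output, the 192.168.1.x addresses and the function name `audit_netstat` are constructed for illustration.

```python
import re

# Ports used by NetBIOS over TCP/IP (NBT). TCP 445 is direct-hosted SMB and
# is not closed by disabling NBT, so it is reported separately.
NBT_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
}
SMB_DIRECT = ("TCP", 445)

# Matches Windows `netstat -an` rows: proto, local addr:port, foreign, [state]
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?")

def audit_netstat(text):
    """Return (nbt_listeners, smb_direct_listening) from netstat -an text."""
    nbt, smb_direct = [], False
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue  # established/outbound connections are not listeners
        if (proto, port) in NBT_PORTS:
            nbt.append((proto, addr, port, NBT_PORTS[(proto, port)]))
        elif (proto, port) == SMB_DIRECT:
            smb_direct = True
    return nbt, smb_direct

# Constructed sample output (not taken from the thread).
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49210     192.168.1.5:139        ESTABLISHED
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        nbt, smb = audit_netstat(sample)
        print(label, "NBT listeners:", nbt, "| TCP 445 listening:", smb)
```

On a real machine the input would be the text produced by `netstat -an`. TCP 445 still listening after NetBIOS is disabled is expected while File and Printer Sharing remains enabled.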
RobCharles1981

Likes # 0

I've had an update from him.

and backing up 3TB drives don't work most time.. as the backup is larger than the free space.

this is not about data.. it's about the OS.. and Alienware has RESPAWN.. it's like recovery only better

programs won't work on most Alienware.. as it needs the respawn.. sadly this can't even be installed after you get a new drive as it requires Dell's partitions .. once those are gone there is not even WINDOWS recovery or backup no options for recovery.

He's sent me screenshots of the problem he's having and it's no virus, he says; it's a "Person" on his account or computer.

He's tried blocking the appropriate ports.

"I even tried blocking ports.. but sad FACT AGAIN is.. I don't even need internet connection for them to get in"

they have the mac address.. period.. and the bios id and service tag.. they even turned on the machine when no net was connected using WAKE ON LAN. (Why would they want this?)

wireless utility for dell intel bios.

its the certs I need to back up but by then the UNKNOWN users .. (2 in this case) 1 machine 2 users have already taken over

http://i.imgbox.com/aceo4Wsi.jpg http://i.imgbox.com/abxL9psH.jpg http://i.imgbox.com/aceqvlzh.jpg http://i.imgbox.com/abiQnWzv.jpg http://i.imgbox.com/adrGGT0t.jpg

rdave13

Likes # 0

Ah. Similar to my sis-in-law's problem with Xbox. Online gaming brings a heap load of fun.

Tell your mate to bin the online game as he's stuffed. His profile is already compromised, along with his email and bank details I wouldn't wonder.

rdave13

Likes # 0

As for not being online for the PC to be compromised, it's only the permissions that are there. Once he connects to the net then the hacker gets in. It's some site your friend logs in, where the hacker can log in to his PC. Hence a gaming server comes to mind. He links to it and the hacker links to your friend's PC via it.
