Does NetBios over TCP/IP need to be enabled NetBios over TCP/IP vs NetBios on TCP/IP
Posted 30 November 2009 - 08:15 PM
According to my understanding I should be able to disable NetBIOS over TCP/IP since I only have winxp computers on my network and winxp attaches its SMBs to TCP/IP differently [I think it's called NetBios on TCP/IP] than Win98 which used NetBios over TCP/IP. I thought NetBios over TCP/IP was necessary only if you were networking w/ earlier Win OS's but I've read a lot of conflicting info on the NetBIOS on or over TCP/IP over the years. Supposedly NetBios over TCP/IP constituted a significant security risk at one point - I don't know if it's still considered a risk currently.
I'd like to know if I should/can disable NetBios over TCP/IP but I don't want to experiment because I just got two-way access after months of troubleshooting and I am very tired of running that Network Wizard and running between 2 computers checking and changing settings. During that troubleshooting I tried enabling NetBios over TCP/IP on both computers for awhile. It didn't help so I disabled it again but apparently the Wizard thinks I need it.
Posted 30 November 2009 - 08:50 PM
In XP, NetBIOS is used primarily for the Browser Service to allow you to "see" other computers on your subnet and in the same workgroup or domain. Without this enabled, the computer cannot use any broadcast method to discover what's around them and must rely solely on other resolution methods. This is significant when you are trying to share folders from each machine so they are accessible to other workstations on the network.
Theoretically, you can shut down NetBIOS over TCP/IP and still function - and to a point it will, but you'll need to either use an LMHOSTS file or WINS oe local DNS server with WINS integration enabled to be able to browse shares or connect using UNC names rather than IP addresses.
For a local network such as yours and as long as you have a firewall between you and the internet that is correctly configured then leaving NetBIOS enabled is likely the way to go.
Hope this helps.
Posted 03 December 2009 - 07:27 PM
OK, I know now to enable netbios over tcp/ip but I'm still confused about why/what I'm doing.
Is the WINS tab giving me the choice between lmhosts or netbios over tcp/ip for file&printer sharing? Can one add an lmhosts file and enable netbios over tcp/ip? Will the client service check the lmhost file first and if it fails to connect thru lmhosts will it then query the master browser?
I understand that windows networking [file&printer sharing] in a peer-to-peer workstation setup relies on each computer broadcasting its netbios name and the master browser on one of the computer's server service setting up its table, etc. unless you configure a look-up table on each computer. My understanding was that windows computers had two ways for using the tcp/ip protocol for its broadcasting-type networking.[Vista & 7 are not in my KB] The difference between netbios on tcp/ip vs netbios over tcp/ip was in how the SMBs were attached to the ip protocol. Win95/98 used "over" and win2k/wnxp used "on".
At one point there were numerous articles stating that "over" represented a security risk that "on" didn't. [Later there were articles that "on" wasn't as secure as previously thought but "over" was still considered the bigger risk] Supposedly, if you had an all win2k/winxp workgroup you could disable or not enable "over" and your win2k/winxp computers would attach their SMBs in a more secure manner. The context was a workgroup w/ file&print sharing and an internet connection and no mention was made of lmhosts files. Since the manner in which the SMBs attach is too technical for me to understand, I don't understand the nature of the security risk. In my previous Win2k workgroup I made sure there were no unnecessary configuration settings to accommodate nonexistent win95/98 computers. Now I'm trying to ID where win2k & winxp are different and I'm still trying to nail down what does what in a win2k or winxp peer to peer workgroup where you have client/server services rather than client/server computers.
What I'd like to know is if the "enable netbios over tcp/ip" checkbox simply enables broadcast name resolution rather than actually enabling netbios over tcp/ip or does win2k/winxp use "over" for broadcasting and "on" for something else? The on/over terminology was usually restricted to articles making the distinction between win95/98's & win2k/winxp's use of tcp/ip for intranet connecting. The "enable netbios over tcip/ip" may be generic rather than specific and without the presence of win95/98 netbios on tcp/ip may be used. Or maybe it is specific and in order to utilize the more secure "on" one may need to use lmhosts rather than broadcast. Another possibility is that the on/over distinction is now considered moot and I missed those articles.
Posted 06 December 2009 - 01:41 PM
The client will first check it's cache, then WINS, then Broadcast, then the LMHOSTS/HOSTS, then DNS.
I've never heard of NetBIOS on TCP/IP, I'm not even sure that's real. The mechanism in Windows is NetBIOS over TCP/IP.
The security risk for NetBIOS being enabled is minimal while inside your protected LAN, but the concern is when it's unprotected. NetBIOS forces the computer to advertise it's name and any resources to the network. It also opens ports 137, 138 and 139.
Posted 18 December 2009 - 04:39 PM
I now know that "NetBIOS over TCP/IP" is the current term for windows broadcast intranetworking method and I can [theoretically] use both an LMHosts file and broadcasting for file sharing. If LMHosts gets checked after broadcasting, then I wouldn't think that making and importing one would speed up file sharing connections on a 2-3 computer workgroup .
Win2K was supposed to have a more secure way of utilizing TCP/IP for intranetwork connecting than Win98 that was termed NetBIOS on TC/IP by some writers [the ones I read] to distinguish it from however Win98 did it, which was called NetBIOS over TCP/IP. The "on" vs "over" had something to do w/ the technical details down at the packets/segments/sessions layers that I either don't remember or didn't have the know-how to understand. NetBEUI came into it also. It may be that "NetBIOS over TCP/IP" was used by the authors to refer to using both NetBEUI & TCP/IP in these articles and "NetBIOS on TCP/IP" was having TCP/IP as the only protocol installed. If I remember correctly, Win98 had to use NetBEUI for file sharing, so you had to have both TCP/IP & NetBEUI installed and that caused the "over" problem. With home routers now common making that distinction is probably moot even for networks that still have a Win98 computer.
Back when I was reading those articles Win2K was new and there were a lot of Win98 computers in business as well as home networks connecting to the internet and there were lots of security problems being discovered the hard way. Then both my life and computers crashed. When I finally rebooted I was doing so w/ WinXP computers and some things are the same and some things are very, very different - like the Everyone group in WinXP Prof does not have the anonymous logon group so I don't have to go into every share & ntfs permissions tab and remove Everyone immediately.
Posted 11 March 2010 - 10:51 PM
Per Ref 1 "Removing the NetBIOS transport" [i.e. disabling "NetBIOS over TCP/IP"] removes NetBIOS broadcast as a means of name resolution. To disable NetBIOS over TCP/IP in win2k & winxp you apparently have to network without using name resolution via broadcasting. I don't what type of windows networking has that option, but peer to peer windows doesn't.
Back in 2002 when I was trying to set up an all win2k prof network, there were multiple articles about "NetBIOS over TCP/IP", also called NtBT, being a big security risk. Articles were pretty unanimous & vehement about not using NtBT and uninstalling NetBEUI if you connected to the internet and had TCP/IP installed. If you had to connect to win95/98 or winnt computers and therefore had to install the NetBEUI protocol, you were supposed to unbind MS Client and File & Printer Sharing from tcp/ip. [I came across one dissenting article on the need for unbinding tcp/ip]
Some of these articles were in the context of setting up home networks. In none of the articles was it stated that using windows broadcasting required the use of NetBIOS over TCP/IP. I wish I could locate some of those articles so I could have another go at understanding the nature of the risk of layered SMBs vs directly hosted SMBs. Maybe it's moot now.
Unfortunately, MS articles and others are not careful to define what they mean by "NetBIOS" or "NtBT" or to be clear about which networking environment to which they are referring when discussing network configuration. NetBIOS was an early networking protocol by IBM & Sytec that MS added network browsing and other features to make the NetBEUI protocol. Windows computers could intranet just using NetBEUI. In order to communicate w/ the internet TCP/IP protocols had to be added and MS used NetBEUI to layer its SMBs on top of TCP/IP. NetBEUI running on top of TCP/IP was called NtBT and also NetBIOS over TCP/IP.
Putting this and that together and guessing, I don't think it was appreciated back in 2002 that win2k still required NetBEUI over TCP/IP for windows broadcast networking because it was no longer necessary to install the NetBEUI protocol to network win2k computers - you could just install TCP/IP. But an MS article on the Common Internet File System Ref 4 has a diagram that shows the NtBT function native to win2k - I'm thinking NetBEUI is sort of already installed on win2k & winxp.
It may be that name resolution via broadcast for win2k/winxp is done via NetBIOS over TCP/IP and file sharing is done via direct hosting. Per Wikipedia "Since Windows 2000, SMB runs by default directly on top of TCP — a feature known as "direct host SMB" where the server service listens on TCP port 445" Ref 5
I did a portqry -n on my win2k prof computer [client service] file sharing w/ my winxp prof [server service] and the established connection between System on the win2k used UDP ports 137 & 138 to connect to port 139 on the other computer. Per Ref 6 that's NetBIOS over TCP/IP. Meanwhile TCP 445 was listening to remote port 0.0.0.0:2064 [I haven't found out what port 0.0.0.0:2064 is yet]- that's direct hosting.
I know both transport methods are enabled on the win2k computer - I did the commands in Ref 1 - but I don't know if direct hosting is ever used. I don't see a way to configure file sharing to use direct hosting - altho there may be a cmd.exe command or registry change or sdk tool - and I don't know if there's any need/advantage to do so. I don't see what all the hoopla about direct hosting was about if broadcast name resolution can't use it and file sharing can but apparently doesn't.
This post has been edited by AnnieMS: 12 March 2010 - 04:04 PM
- ← Connect to other internet through another
- Networks and the Internet
- What to do with old built in Lan →