Your Ad Here

Not many computers are reachable over the Internet using NetBIOS commands - maybe only a few million. But what the heck, a few million is enough to keep a hacker from getting bored. And if you know what to look for, you will discover that there are a lot of very busy hackers and Internet worms searching for computers they can break into by using NetBIOS commands. By learning the dangers of NetBIOS, you can get an appreciation for why it is a really, truly BAD!!! idea to use it.
Newbie note: a worm is a program that reproduces itself. For example, Code Red automatically searched over the Internet for vulnerable Windows computers and broke into them. So if you see an attempt to break into your computer, it may be either a human or a worm.
If you run an intrusion detection system (IDS) on your computer, you are certain to get a lot of alerts of NetBIOS attacks. Here's an example:
The firewall has blocked Internet access to your computer (NetBIOS Session) from (TCP Port 1032) [TCP Flags: S].
Occurred: 2 times between 10/29/2002 7:38:20 AM and 10/29/2002 7:46:18 AM
A Windows NT server on my home network, which has addresses that all start with 10.0.0, caused these alerts. In this case the server was just doing its innocent thing, looking for other Windows computers on my LAN (local area network) that might need to network with it. Every now and then, however, an attacker might pretend to have an address from your internal network even though it is attacking from outside.
If a computer from out on the Internet tries to open a NetBIOS session with one of mine, I'll be mighty suspicious. Here's one example of what an outside attack may look like:
The firewall has blocked Internet access to your computer (NetBIOS Name) from 999.209.116.123 (UDP Port 1028).
Time: 10/30/2002 11:10:02 AM
(The attacker's IP address has been altered to protect the innocent or the guilty, as the case may be.)

Want to see how intensely crackers and worms are scanning the Internet for potential NetBIOS targets? A really great and free IDS for Windows that is also a firewall is Zone Alarm. You can download it for free from . You can set it to pop up a warning on your screen whenever someone or some worm attacks your computer. You will almost certainly get a NetBIOS attack the first day you use your IDS.
Do you need to worry when a NetBIOS attack hits? Only if you have enabled NetBIOS and Shares on your computer. Unfortunately, in order to explore other computers using NetBIOS, you increase the danger to your own computer from attack by NetBIOS. But, hey, to paraphrase a famous carpenter from Galilee, he who lives by the NetBIOS gets hacked by the NetBIOS.
Newbie note: NetBEUI (NetBIOS Extended User Interface) is an out-of-date, crummy, not terribly secure way for Windows computers to communicate with each other in a peer-to-peer mode. NetBIOS stands for network basic input/output system.
Newbie note: Shares are when you make it so other computers can access files and directories on your computer. If you set up your computer to use NetBIOS, in Win XP using the NTFS (new technology file system) you can share files and directories by bringing up My Computer. Click on a directory - which in XP is called a "folder". In the left-hand column a task will appear called "Share this folder". By clicking this you can set who can access this folder, how many people at a time can access it, and what they can do with the folder.
There are a number of network exploration commands that only NetBIOS uses. We will show how to use nbtstat and several versions of the net command.

How to Install NetBIOS

You might have to make changes on your system in order to use these commands. Here's how to enable NetBIOS for Windows XP. (If you are stuck with Windows 95, 98, SE or ME, see the end of this Guide for how to enable NetBIOS.) Click:
Control Panel -> Network Connections
There are two types of network connections that may appear here: "Dial-up" and "LAN or High-Speed Internet".
Newbie note: A dial-up connection uses a modem to reach the Internet. LAN stands for local area network. It's what you have if two or more computers are linked to each other with a cable instead of modems. Most schools and businesses have LANs, as well as homes with Internet connection sharing. A DSL or cable modem connection will also typically show up as a LAN connection.
To configure your connections for hacking, double click on the connection you plan to use. That brings up a box that has a button labeled "Properties". Clicking it brings up a box that says "This connection uses the following items:"
You need to have both TCP/IP and NWLink NetBIOS showing. If NWLink NetBIOS is missing, here's how to add it. Click Install -> Protocol -> Add NWlink/IPX/SPX/NetBIOS Compatible Transport Protocol.
Newbie note: NWLink refers to Novell's Netware protocol for running a LAN.
How to Use Nbtstat
To get started, bring up the cmd.exe command. Click Start -> Run and type cmd.exe in the command line box. This brings up a black screen with white letters. Once it is up, we will play with the nbtstat command. To get help for this command, just type:
C:\>nbtstat help
One way to use the nbtstat command is to try to get information from another computer using either its domain name (for example, its numerical Internet address (for example,'s numerical address is, or its NetBIOS name (if you are on the same LAN).
C:\>nbtstat -a

War games using NETBIOS
What if you want to challenge your friends to a hacker wargame using NetBIOS? The first thing to do is *don't* email me asking me to break in for you. Sheesh. Seriously, almost every day I get emails from people claiming to have permission from their girlfriend/boyfriend and begging me to help them break in.
The way to run a hacker wargame over the Internet is first, get permission from your Internet provider so they don't kick you off for hacking. They probably run an IDS that scans users for suspicious activity. They probably hate malicious hackers. Enough said.
Second, you and your friends are likely to be at a different Internet address every time you log on. Your safest way to play over the Internet is for each player to get an Internet address that is the same every time he or she logs on: a "static" address. This way you won't accidentally break into someone else's computer.
You have to arrange with your Internet provider to get a static address. Normally only a local provider can do this for you. A big advantage of using a local provider is you can make friends with the people who work there - and they are probably hackers.
If you live in an apartment building or dormitory with other hackers, you can play break-in games without using the Internet. Set up a LAN where you can play together. For example, you can string Ethernet cable from window to window. To learn how to set up a Windows Ethernet LAN, see .
Or you could set up a wireless LAN. With wireless you never know who might come cruising with a laptop down the street by your home or business and break in. That can make a wargame lots more fun. For help on how to break into wireless LANs (it's pathetically easy),

Posted by Cyber Trunks


Your Ad Here