NetBios enumeration

NetBIOS is outdated but still lives on in some older systems, sometimes for backward compatability. It is the equivalent of broadcasting names to look for each other but is not routable. It is local network only. If no one on the other network can use it for your network, then no one there can access your NetBIOS shared folders and printers, unless one has gained access to your local network. You can also access NetBIOS machines with a WINS server. That is the NetBIOS equivalent of a DNS server.

NetBIOS software runs on port 139 on the Windows operating system. File and printer services need to be enabled to enumerate NetBIOS over Windows. An attacker can perform the following on the remote machine:

  • Choosing to read or write to a remote machine, depending on the availability of shares.

  • Launching a Denial of Service (DoS) attack on the remote machine.

  • Enumerating password policies on the remote machine.

Tools

Remediation

  • Minimise the attack surface by minimising the unnecessary service like Server Message Block (SMB).

  • Remove file and printer sharing in Windows OS.