This post is more than 5 years old
1 Rookie
•
359 Posts
0
2694
How can I disable NetBios traffic on Celerra CIFS server?
We do not use NetBios on our network so in my crusade to eliminate it along with LLMNR protocol, I have a running Wireshark filter that indicates the only things left are two FreeNAS boxes and our Celerra's CIFS IP.
How can I disable NBNS (NetBios Name Service) on the CIFS server off an EMC Celerra?
kjstech
1 Rookie
1 Rookie
•
359 Posts
0
July 15th, 2015 07:00
I ended up blocking it on the switch
Cisco 3750 series switches are used at our facilities.
Extended IP access list NETBIOS
deny tcp any any eq 135
deny udp any any eq 135
deny tcp any any range 137 139
deny udp any any range netbios-ns netbios-ss
deny tcp any any eq 445
deny udp any any eq 445
deny udp any any eq 5355
permit ip any any
Then attach that access list to the ports that the CIFS interfaces are connected to with
ip access-group NETBIOS in
where in this example the access list name is NETBIOS. (In theory you could name it anything you want or incorporate it with other access lists.)
Otherwise on our network via GPO we disable Multicast Name Resolution (LLMNR), disable netbios via DHCP option 001, and on static servers or non-domain joined systems we manually disable netbios on the interfaces and LLMNR with local security policy. This greatly reduces man in the middle attacks using SMB relay, even though we turned on force SMB encryption to mitigate that attack our Pen tester demonstrated to us, we went further and disabled those protocols entirely. In a modern business network I highly recommend it.
Jyothi_P_Bharat
317 Posts
0
July 15th, 2015 05:00
Hi Saurek,
Please have a look on this kb mentioned below,it might help you but not sure about it:
81051
Thanks
Jyothi
Rainer_EMC
8.6K Posts
0
July 15th, 2015 06:00
Sorry, but not even close
umichklewis
1.2K Posts
0
July 15th, 2015 11:00
SMB encryption would be nice, but there's a serious lack of SMB encryption support with SMB devices, such as scanners, MFP devices, etc. etc. It's unfortunate, since it would mitigate a lot of attack vectors.
Thanks for posting the resolution you applied!