Securing NETBIOS


Following on from DNS amplification DDoS attacks, NetBIOS services have more recently been used in amplification DDoS attacks to reflect traffic against other networks.

You can read more about this at the URL below:

https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-NetBIOS

The easiest way to resolve this issue is to create a firewall rule that blocks incoming UDP traffic on port 137, except from trusted IP ranges.

Below are some basic test examples showing the before and after output of the nbtstat command in the Windows command prompt.

Testing - Before

Testing - After
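To repeat the before/after check from a machine outside the trusted ranges, the following Python sketch sends the same kind of node status query that nbtstat uses to UDP port 137 and reports whether a reply arrives and how much larger it is than the request. It is an added example, not part of the original article; the function names and the sample reply (host names included) are constructed for illustration.

```python
import socket
import struct

def build_query(txid=0x1337):
    """Build the NBSTAT (node status) request for the wildcard name '*'."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    raw = b"*" + b"\x00" * 15
    # NetBIOS first-level encoding: each nibble becomes a letter 'A'..'P'.
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return header + b"\x20" + enc + b"\x00" + struct.pack(">HH", 0x0021, 1)

def parse_response(data):
    """Return [(name, suffix), ...] from a node status reply, else None."""
    if len(data) < 57:
        return None
    flags, _, answers = struct.unpack(">HHH", data[2:8])
    rtype = struct.unpack(">H", data[46:48])[0]
    if not flags & 0x8000 or answers < 1 or data[12] != 0x20 or rtype != 0x0021:
        return None
    names = []
    for i in range(data[56]):              # byte 56 = number of names
        entry = data[57 + 18 * i:75 + 18 * i]
        if len(entry) < 18:                # truncated datagram
            break
        names.append((entry[:15].decode("ascii", "replace").rstrip(), entry[15]))
    return names

def check_host(host, timeout=3.0):
    """Query UDP 137 on a host you administer and report what comes back."""
    query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (host, 137))
            reply, _ = s.recvfrom(4096)
        except OSError:                    # timeout or ICMP unreachable
            return {"exposed": False, "names": [], "amplification": 0.0}
    names = parse_response(reply)
    return {"exposed": names is not None, "names": names or [],
            "amplification": round(len(reply) / len(query), 2)}

# Constructed sample reply (not captured from a real host): two names + statistics.
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1337, 0x8400, 0, 1, 0, 0)
                + build_query()[12:46] + struct.pack(">HHIH", 0x0021, 1, 0, 83)
                + bytes([2]) + b"FILESRV01".ljust(15) + b"\x00\x04\x00"
                + b"WORKGROUP".ljust(15) + b"\x00\x84\x00" + bytes(46))

if __name__ == "__main__":
    import sys
    print(check_host(sys.argv[1]) if len(sys.argv) > 1 else parse_response(SAMPLE_REPLY))
```

Before the firewall rule is in place, `check_host` returns `exposed: True` with the registered names; afterwards, from an untrusted address, it should time out and return `exposed: False`.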
