What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 9
Hacking with Windows
Part 2: The Magic of NetBIOS
In this guide you will learn how to explore the Internet using Windows and NetBIOS:
Not many computers are reachable over the Internet using NetBIOS commands - maybe only a few million. But what the heck, a few million is enough to keep a hacker from getting bored. And if you know what to look for, you will discover that there are a lot of very busy hackers and Internet worms searching for computers they can break into by using NetBIOS commands. By learning the dangers of NetBIOS, you can get an appreciation for why it is a really, truly BAD!!! idea to use it.
*****************
Newbie note: a worm is a program that reproduces itself. For example, Code Red automatically searched over the Internet for vulnerable Windows computers and broke into them. So if you see an attempt to break into your computer, it may be either a human or a worm.
*****************
If you run an intrusion detection system (IDS) on your computer, you are certain to get a lot of alerts of NetBIOS attacks. Here's an example:
The firewall has blocked Internet access to your computer (NetBIOS Session) from 10.0.0.2 (TCP Port 1032) [TCP Flags: S].
Occurred: 2 times between 10/29/2002 7:38:20 AM and 10/29/2002 7:46:18 AM
A Windows NT server on my home network, which has addresses that all start with 10.0.0, caused these alerts. In this case the server was just doing its innocent thing, looking for other Windows computers on my LAN (local area network) that might need to network with it. Every now and then, however, an attacker might pretend to have an address from your internal network even though it is attacking from outside.
If a computer from out on the Internet tries to open a NetBIOS session with one of mine, I'll be mighty suspicious. Here's one example of what an outside attack may look like:
The firewall has blocked Internet access to your computer (NetBIOS Name) from 999.209.116.123 (UDP Port 1028).
Time: 10/30/2002 11:10:02 AM
(The attacker's IP address has been altered to protect the innocent or the guilty, as the case may be. There is no Internet address that includes “999”)
Want to see how intensely crackers and worms are scanning the Internet for potential NetBIOS targets? A really great and free IDS for Windows that is also a firewall is Zone Alarm. You can download it for free from http://www.zonelabs.com . You can set it to pop up a warning on your screen whenever someone or some worm attacks your computer. You will almost certainly get a NetBIOS attack the first day you use your IDS.
Do you need to worry when a NetBIOS attack hits? Only if you have enabled NetBIOS and Shares on your computer. Unfortunately, in order to explore other computers using NetBIOS, you increase the danger to your own computer from attack by NetBIOS. But, hey, to paraphrase a famous carpenter from Galilee, he who lives by the NetBIOS gets hacked by the NetBIOS.
********************
Newbie note: NetBEUI (NetBIOS Extended User Interface) is an out-of-date, crummy, not terribly secure way for Windows computers to communicate with each other in a peer-to-peer mode. NetBIOS stands for network basic input/output system.
Newbie note: Shares are when you make it so other computers can access files and directories on your computer. If you set up your computer to use NetBIOS, in Win XP using the NTFS (new technology file system) you can share files and directories by bringing up My Computer. Click on a directory - which in XP is called a "folder". In the left-hand column a task will appear called "Share this folder". By clicking this you can set who can access this folder, how many people at a time can access it, and what they can do with the folder.
********************
There are a number of network exploration commands that only NetBIOS uses. We will show how to use nbtstat and several versions of the net command.
Next: How to Install NetBIOS -->



Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group



Return to the index of Guides to (mostly) Harmless Hacking!

© 2013 Happy Hacker All rights reserved.