GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 9
Hacking with Windows XP
Part 2: The Magic of NetBIOS
In this guide you will learn how to explore the Internet using
Windows XP and NetBIOS:
Not many computers are reachable over the Internet using NetBIOS
commands - maybe only a few million. But what the heck, a few
million is enough to keep a hacker from getting bored. And if
you know what to look for, you will discover that there are a
lot of very busy hackers and Internet worms searching for computers
they can break into by using NetBIOS commands. By learning the
dangers of NetBIOS, you can get an appreciation for why it is
a really, truly BAD!!! idea to use it.
*****************
Newbie note: a worm is a program that reproduces itself. For
example, Code Red automatically searched over the Internet for
vulnerable Windows computers and broke into them. So if you see
an attempt to break into your computer, it may be either a human
or a worm.
*****************
If you run an intrusion detection system (IDS) on your computer,
you are certain to get a lot of alerts of NetBIOS attacks. Here's
an example:
The firewall has blocked Internet access to your computer
(NetBIOS Session) from 10.0.0.2 (TCP Port 1032) [TCP Flags: S].
Occurred: 2 times between 10/29/2002 7:38:20 AM and 10/29/2002
7:46:18 AM
A Windows NT server on my home network, which has addresses
that all start with 10.0.0, caused these alerts. In this case
the server was just doing its innocent thing, looking for other
Windows computers on my LAN (local area network) that might need
to network with it. Every now and then, however, an attacker
might pretend to have an address from your internal network even
though it is attacking from outside.
If a computer from out on the Internet tries to open a NetBIOS
session with one of mine, I'll be mighty suspicious. Here's one
example of what an outside attack may look like:
The firewall has blocked Internet access to your computer
(NetBIOS Name) from 999.209.116.123 (UDP Port 1028).
Time: 10/30/2002 11:10:02 AM
(The attacker's IP address has been altered to protect the innocent
or the guilty, as the case may be.)
Want to see how intensely crackers and worms are scanning
the Internet for potential NetBIOS targets? A really great and
free IDS for Windows that is also a firewall is Zone Alarm. You
can download it for free from http://www.zonelabs.com . You can
set it to pop up a warning on your screen whenever someone or
some worm attacks your computer. You will almost certainly get
a NetBIOS attack the first day you use your IDS.
Do you need to worry when a NetBIOS attack hits? Only if you
have enabled NetBIOS and Shares on your computer. Unfortunately,
in order to explore other computers using NetBIOS, you increase
the danger to your own computer from attack by NetBIOS. But,
hey, to paraphrase a famous carpenter from Galilee, he who lives
by the NetBIOS gets hacked by the NetBIOS.
********************
Newbie note: NetBEUI (NetBIOS Extended User Interface) is an
out-of-date, crummy, not terribly secure way for Windows computers
to communicate with each other in a peer-to-peer mode. NetBIOS
stands for network basic input/output system.
Newbie note: Shares are when you make it so other computers
can access files and directories on your computer. If you set
up your computer to use NetBIOS, in Win XP using the NTFS (new
technology file system) you can share files and directories by
bringing up My Computer. Click on a directory - which in XP is
called a "folder". In the left-hand column a task will
appear called "Share this folder". By clicking this
you can set who can access this folder, how many people at a
time can access it, and what they can do with the folder.
********************
There are a number of network exploration commands that only
NetBIOS uses. We will show how to use nbtstat and several versions
of the net command.
Next: How to Install NetBIOS -->
