Menu
Reply
  • 4
  • 0
  • 1
dcfij
Tuning in
3,972 Views
Message 1 of 52
Flag for a moderator

NetBIOS scan letter?

Hi, I got a letter from Virgin this week telling me that one of my devices has a potential NetBIOS vulnerability.

I am mainly on Apple. So I checked file sharing on MacBook and it is off. I also checked my super hub and remote access is disabled.

My public IP address is in the letter and it seems this has been identified by an external company, netbiosscan.shadowserver.org

Mistake, or am I missing something?!

Thanks in advance, 

David

 

0 Kudos
Reply
  • 2
  • 0
  • 0
Piplodocus
Joining in
3,925 Views
Message 2 of 52
Flag for a moderator

Re: NetBIOS scan letter?

I just got one of these letters too. I'm using router only mode to an Airport Time Capsule. Then various stuff I think should be quite secure, but then have a very old Mac in the living room too, and also have a lodger with a load of cheap-ass devices probably with out of date android versions on most of them. :-/

Legit? Should I go to that Web link? Or is it dodgy? Any clues?
0 Kudos
Reply
  • 1.43K
  • 154
  • 458
Superuser
Superuser
3,833 Views
Message 3 of 52
Flag for a moderator

Re: NetBIOS scan letter?

 You can read about Shadowserver here: https://en.wikipedia.org/wiki/Shadowserver

  • 2
  • 0
  • 0
Piplodocus
Joining in
3,786 Views
Message 4 of 52
Flag for a moderator

Re: NetBIOS scan letter?

So how do I work out what device is the concern?
0 Kudos
Reply
  • 12.71K
  • 1.62K
  • 3.74K
Superuser
Superuser
3,780 Views
Message 5 of 52
Flag for a moderator

Re: NetBIOS scan letter?

If the scan shows you vulnerable just now, you could turn 'em all off, then bring one device up back one at a time, use the test link on it. Power up another and do the test with that, repeat until find the culprit

- - - - - -
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
0 Kudos
Reply
  • 4
  • 0
  • 1
MacUser04
Tuning in
3,762 Views
Message 6 of 52
Flag for a moderator

Re: NetBIOS scan letter?

I have the same letter and a similar set up but none of the Virgin Media suggested fixes work with my set up as Modem mode for SuperHub and my OS X Macs already have the right settings so I assume it is something to do with the Airport settings but not sure what and whether it is vulnerable.

0 Kudos
Reply
  • 4
  • 0
  • 1
MacUser04
Tuning in
3,762 Views
Message 7 of 52
Flag for a moderator

Re: NetBIOS scan letter?

I have the same letter and a similar set up but none of the Virgin Media suggested fixes seem to have an issue with my set up. My SuperHub is in Modem mode so cannot change the advance settings and my OS X Macs already have the right settings per the instructions.  I assume it is something to do with the Airport settings but not sure what and whether it is vulnerable and how to stop it.  Any suggestions?  Thanks.

0 Kudos
Reply
  • 11
  • 0
  • 0
BBloke
Tuning in
3,628 Views
Message 8 of 52
Flag for a moderator

Re: NetBIOS scan letter?

I had the same.  I understand it and know the culprit and why and what to do about it.  Sad thing is the Hub 3.0 is next to useless when it comes to anything relating to this.

Thankfully the device in question can be configured to block it's own ports.  Which is what I've done.

Fingers crossed that resolves the issue but this is only based on the ports as noted for a Hub 2.0 solution.

0 Kudos
Reply
  • 4
  • 0
  • 1
dcfij
Tuning in
3,609 Views
Message 9 of 52
Flag for a moderator

Re: NetBIOS scan letter?

Hi BBloke, how did you know which device was causing the problem?!
0 Kudos
Reply
  • 11
  • 0
  • 0
BBloke
Tuning in
3,602 Views
Message 10 of 52
Flag for a moderator

Re: NetBIOS scan letter?

I use DMZ on my router so all traffic leads to one device. It has a built in firewall so I've blocked ports 139, 922 and 1022.

I've had this setup for a while so I can only think the letters are something new virgin are using.

Fingers crossed I'll be covered.

I google for a port scanning website and checked it. As someone posted earlier only way you can test it is to turn everything off but the router and a PC.

Test scan port 139.
Turn on a device test again.
Rinse and repeat.
0 Kudos
Reply