Service: NetBios findings indicate a device is reaching out to Windows NetBios networks via an abandoned domain. Windows/NetBios connections represent a vulnerability because the NetBios protocol has known security vulnerabilities and is a common attack target. Domain owners can interact with endpoints, potentially hijacking Windows Challenge/Response (NTLM) authentication credentials.
How to Locate the System and Remediate
Select a Service:NetBios finding in the Findings Table and locate the following fields in the details sheet. You can use the information in these fields to search tier web traffic logs, locate the system, and then reconfigure or disable the destination access.
Source IP
= The source IP address.Source Port
= The source port number.Representative Event Timestamp
= The date and time (UTC) when the finding was observed.
If NetBios connectivity is required, tunnel any connections through a secure Virtual Private Network (VPN) connection for additional security. Implement strong passwords and either strong password handling protocols or a key authentication system.
Feedback
0 comments
Please sign in to leave a comment.