Enabling NetBIOS name traffic with Norton Internet Security / Norton Personal Firewall

Enabling NetBIOS name traffic with Norton Internet Security / Norton Personal Firewall
Situation:

You have problems connecting to your internet connection over a cable modem after installing Norton Internet Security (NIS) or Norton Personal Firewall (NPF).

Solution:

If you are connected to the Internet by cable or DSL, your ISP may require nbname and nbdatagram access to assign you an IP address. Although these systems are no longer common, if you are unable to connect, it may apply to you.

There are three services used by Microsoft File and Print Sharing (using the NetBIOS software interface). These are:

netbios-ns (nbname): NetBIOS name service. This is used for identifying machines on the network. On UDP, it uses port 137.

netbios-dgm (nbdatagram): NetBIOS datagram service. The datagram service operates over UDP port 138 for data transfer.

netbios-ssn (nbsession): NetBIOS session service. This is used for file and print sharing connections. It uses TCP port 139.

The nbname and nbdatagram services identify your system on the Internet Service Provider's (ISP's) network. The sharing occurs through the nbsession service. NIS and NPF will disable these services by default, due to the various security implications surrounding NetBIOS.

If your ISP needs these NetBIOS services, you can set Norton Internet Security (NIS) to allow them by following these steps:

Open NIS.
Click Options and select Internet Security.
Click Advanced Options.
Click the Firewall tab.
Scroll through the rules list and look for the following rules:

Default Inbound NetBIOS

Default Inbound NetBIOS Name

6. Select "Default Inbound NetBIOS" and click Modify.

7. Change Action from Block to Permit.

8. Click OK.

9. Select "Default Inbound NetBIOS Name" and click modify.

10. Change Action from Block to Permit (similar to example graphic above).

11. Click OK.

Once you have done this, your NetBIOS name will be sent over your ISP's network when you try to log in. It is recommended that you reboot your system and log on to your ISP so it can assign you a valid IP address.

Allowing the NetBIOS name to go out over the internet is not a major security risk, but can allow others on the internet to know what you called your computer, what your network cardÆs address is, and what file shares you may have. After this process, this information will be available on the internet, but FILE SHARING WILL STILL BE PROTECTED. The actual file and print sharing ability requires the NetBIOS Session, which is handled in a separate rule (called Default Block NetBIOS Networking).

More Information:

For more information on NetBIOS and file and print sharing, see the NetBIOS FAQ.

For more detailed information on more secure models of home networking, and how to share files on a machine protected with Norton Internet Security, see the knowledge base articles on interaction between computers on a LAN and setting up a small network.

Additional details on setting up a trusted relationship between computers on a local network can be found in the user's manual (Troubleshooting / Questions about Home Networking section).