You are quite right in stating that NetBIOS is not a protocol in the true
sense of the word.  It is a group of command request/response pairs  (I
think it is 22 or so) that gave a consistent method of accessing network
primitives such as add name, send, receive, listen, adapter status etc.
Many would argue the toss that this is all any protocol is and this is closer
to an API than anything else, but who really cares about semantics?  Due to
its very straightforward nature it was used to implement the original IBM
PC Network program suite.

NetBEUI came along as a full-fledged local area high speed protocol with
dynamic windowing, raw I/O, data streaming, etc.  This protocol was used by
the original LAN Manager, LAN Server and Windows for Workgroups.  NetBEUI
provided the high speed transport for SMB.

NetBIOS is not only implemented over IP in NBT but is implemented in the
Novell world over IPX.  All implementations that are not based on a NetBEUI
transport are significantly slower due to the increased packet and formatting
overhead.  However, if you want to be able to route data you can't use
NetBEUI.  The complete non-routability of NetBEUI has been used to produce
small site "firewall" products, such as Glenrowan by Somerset Systems.

A really nice thing to do for your users is put them all on NetBEUI for
local services while retaining IP for external access.  Others take it
further by only having NetBEUI internally and running a proxy server for
external access.  This way even if some malicious person does break in they
will not get very interesting results from your local site (unless they
crack your proxy server, bring up netmon, find your admin id/password, get
onto your logon server, crack security on the netlogon share and modify the
logon script to install TCP/IP on all workstations and get one of your servers
to supply some kind of DHCP/BOOTP.  Is there a script for this one?).

If you are running a Windows environment with NetBEUI and IP to improve
local performance and cut down on general traffic, ensure that the interface
(in Network Neighbourhood - Properties - Services - NetBIOS interface -
properties) running Nbf is set to 000.  Also, ensure that NetBEUI is the
first protocol everywhere (go to Bindings - all services - etc).

Depending on your network this can give up to a third higher throughput.

Kafil.





"Lance Ecklesdafer" <[EMAIL PROTECTED]> on 09/04/99 10:00:56


To:   "Kafil Din" <[EMAIL PROTECTED]>, "Christopher J. Witter"
      <[EMAIL PROTECTED]>
cc:   "pdmallya" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject:  Re: Netbios




I am given to understand that NETBIOS is itself not a protocol at all.
NETBEUI is a very fast and efficient protocol, but it is not routable and
does not scale. For a small network like most small offices and small
businesses, this is one of the fastest protocols available. In order to be
able to scale and support backwards compatibility along comes NBT. This
protocol allows NETBIOS calls from workstations and servers to traverse a
network with more than one physical segment. Layer 3 devices will forward
NBT packets and you can also configure most layer 3 devices to forward
broadcast traffic for functions like DHCP and WINS.

In Cisco, this is the helper address when configuring IP interfaces.

Just MHO ...

Lance.


Lance Ecklesdafer, CNP
Senior Network Engineer
re:Sources, Inc.
[EMAIL PROTECTED]
http://members.tripod.com/ecklesd
"My God ... It's full of stars"


-----Original Message-----
From: Kafil Din <[EMAIL PROTECTED]>
To: Christopher J. Witter <[EMAIL PROTECTED]>
Cc: pdmallya <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Thursday, April 08, 1999 12:22 AM
Subject: Re: Netbios


>
>
>
>NetBIOS itself certainly can't be routed but they will be using NBT which
>is NetBIOS encapsulated in IP.  This certainly can be routed and is how
>they have been passing NetBIOS around on IP networks for years.
>
>If you are using NT DNS in the picture and have Enable DNS for WINS
>resolution turned on you can actually resolve NetBIOS names to IP
>addresses.
>
>Provided your firewall does not allow inbound connections and the
>userid/password used to connect to the external share is not one you use
>internally then you should not have an exposure.
>
>Kafil.
>
>
>
>
>
>"Christopher J. Witter" <[EMAIL PROTECTED]> on 08/04/99 03:16:27
>
>
>To:   pdmallya <[EMAIL PROTECTED]>
>cc:   [EMAIL PROTECTED]
>Subject:  Re: Netbios
>
>
>
>
>Netbios can't be routed so unless you are using a VPN to bridge the two
>networks together and they are then on the same IP subnet then this
>isn't possible.
>
>Christopher Witter
>MCSE, MCP +Internet, ICIS, IIAE
>
>Windows NT Crashed.
>I am the Blue Screen of Death.
>No one hears your screams.
>
>On Wed, 7 Apr 1999, pdmallya wrote:
>
>> Hi,
>>
>> A department in my company wants to permit PC's in our network to access
>> files in machines on an external network using Netbios file-sharing. I'm
>> being told that this does not open any loopholes in our security, because:
>> (a) we can connect our network to the external one using a Checkpoint
>> Firewall, with a rule permitting NBT connections from our internal PCs to
>> the external machines containing the files. There will be no rule permitting
>> a reverse connection.
>> (b) there will be no shared disks on our network, and the Checkpoint rules
>> will enforce this.
>> (c) ergo, our network is not exposed in any way.
>>
>> I am not quite convinced - can anyone give me some more information or
>> pointers on this?
>>
>> TIA & Regards
>>
>> Prabhakar D. Mallya
>>
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>>
>
