How do you disable NetBios?

[kjstech]

We eliminated Netbios and LLMNR from our network so I am running Wireshark with the filters nbns or udp.port eq 5355 just to ensure there is no traffic on these protocols.

I have two FreeNas boxes and they seem to be the only ones still speaking the NetBios protocol and they try to query the domain name.

Disabling Netbios (and the newer LLMNR) helps with network security and we do not have any application that would require it. I hope we can disable Netbios on FreeNas, I am just not sure how to go about doing it.

 

[anodos]

I'm not sure if you can disable nmbd easily (the netbios name server component of samba) on FreeNAS.
You can disable netbios in smbd by setting the auxiliary parameter: "disable netbios = yes". This will disable NBT. Your pcap may still show NBNS packets originating from your FreeNAS server because of nmbd.

 

[kjstech]

Ok with the spaces and all? I added it (seems strange to have all the spaces in it) and restarted CIFS and yes my caputre still saw nbns packets. No way to fix this?
Filter it out at the switchport I suppose?

 

[anodos]

Ok with the spaces and all? I added it (seems strange to have all the spaces in it) and restarted CIFS and yes my caputre still saw nbns packets. No way to fix this?
Filter it out at the switchport I suppose?
View attachment 8163

That parameter only disables NBT. In order to stop broadcast of NBNS packets you will need to stop the nmbd service. Since the security risk of running nmbd in minimal, and that disabling it will require stopping it manually through the CLI every time that samba restarts, you're better off just leaving it running.

 

[kjstech]

I was able to stop the broadcast by creating an access list on the switch and attaching it to the ports that our FreeNAS boxes are plugged into. I followed the guidelines here:

http://slaptijack.com/networking/using-acls-to-block-netbios-traffic-on-cisco-catalyst-switches/

I tested with our Veeam Virtual Machine and it was still able to access the shares on our FreeNAS boxes which are used to house virtual machine backup images from the Veeam B&R application.