OPNsense Forum

English Forums => General Discussion => Topic started by: Tikimotel on June 17, 2016, 05:59:48 pm

Title: Disable NetBIOS from the DHCP service
Post by: Tikimotel on June 17, 2016, 05:59:48 pm
I follow the TechSNAP show on jupiterbroadcasting/youtube.
http://www.jupiterbroadcasting.com/100526/apple-pretend-filesystem-techsnap-271/

news story:
http://news.softpedia.com/news/badtunnel-bug-hijacks-network-traffic-affects-all-windows-versions-505294.shtml

Quote
“Exploitation points remain open for non-supported Windows operating systems such as XP, Windows Server 2003, and others, for which patches have not been released. For these operating systems, and for those that can’t be updated just yet, system administrators should disable NetBIOS.”

Most Windows machines are set up as "default", so if the DHCP query sets nothing, NetBIOS is interpreted as "enabled".


So this started me tinkering around (services.inc): what do you need to set up in "DHCPD.conf" to disable NetBIOS from the DHCP service?

So I did some Google searches and found this code example for Linux (ISC DHCP).
http://www.bakarasse.de/pages/en/linux/disable-netbios-via-dhcp.php?lang=EN

I only got the single host example to work with my static DHCP leases; adding the code in the "pool" didn't work.
Maybe the wrong location? Or it does not work in a "pool".

Partial "dhcpd.conf" after tinkering.
Code:

option domain-name "home";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
option arch code 93 = unsigned integer 16; # RFC4578

# to save the vendor id in the lease db:
set vendor-id = option vendor-class-identifier;

# specifying the option space name:
option space MSFT;
option MSFT.nbt                 code 1 = unsigned integer 32;


default-lease-time 7200;
etc...

Code:
host s_lan_0 {
  hardware ethernet 00:11:22:aa:bb:cc;
  fixed-address 192.168.0.20;
  option host-name "EXAMPLE";
  if substring ( option vendor-class-identifier, 0, 8 ) = "MSFT 5.0"
  {
    vendor-option-space MSFT;
    # 1 = enable, 2 = disable NetBIOS over TCP/IP:
    option MSFT.nbt 2;
  }
}

It would be nice if the NetBIOS option would become a slider (on/off) in a future update  ;)
Title: Re: Disable NetBIOS from the DHCP service
Post by: franco on June 30, 2016, 09:05:20 am
Hi Tikimotel,

I think we can add this for 16.1.19 and/or provide a patch that fits on the 16.1 stable branch. Staff is short at this moment and the release candidate is due. Hopefully we can work on this early next week.


Cheers,
Franco
Title: Re: Disable NetBIOS from the DHCP service
Post by: CloudHoppingFlowerChild on February 19, 2019, 09:37:07 pm
Sorry for the thread necromancy but this was at the top of my Google search results when trying to figure out how to disable NetBIOS via DHCP. Since there isn't a GUI option in 19.1, I thought I'd share the solution I found in case someone else comes across it as well.

Under 'Additional Options' in the DHCPv4 setup, add Number: 43 Type: String Value: 01:04:00:00:00:02

(http://nothingunreal.com/dump/DisableNetBIOSviaDHCP.PNG)
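
How the option 43 Value in the last post relates to `option MSFT.nbt 2` in the first post, as an added example that is not part of the thread or of OPNsense: option 43 carries code/length/value sub-options, so sub-option 1 with a 4-byte value of 2 encodes to 01:04:00:00:00:02. The function names are hypothetical, and the enable/disable meanings are taken from the comment in the first post's config.

```python
import struct

# From the first post: "option MSFT.nbt code 1 = unsigned integer 32",
# with 1 = enable and 2 = disable NetBIOS over TCP/IP.
MSFT_NBT_CODE = 1
NBT_STATES = {1: "enabled", 2: "disabled"}

def encode_suboption(code, value):
    """Encode one 32-bit vendor sub-option as colon-separated hex TLV."""
    if not 0 < code < 255:
        raise ValueError("sub-option code must be 1..254")
    raw = bytes([code, 4]) + struct.pack("!I", value)
    return ":".join(f"{b:02x}" for b in raw)

def parse_option43(text):
    """Split a colon-hex option 43 payload into {code: value bytes}."""
    data = bytes.fromhex(text.replace(":", ""))
    subopts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:            # pad byte, no length field
            i += 1
            continue
        if code == 255:          # end of encapsulated options
            break
        if i + 2 > len(data):
            raise ValueError("sub-option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d is truncated" % code)
        subopts[code] = value
        i += 2 + length
    return subopts

def netbios_state(text):
    """Report what an option 43 payload tells a Windows client about NetBIOS."""
    value = parse_option43(text).get(MSFT_NBT_CODE)
    if value is None:
        return "not set (client default applies)"
    if len(value) != 4:
        raise ValueError("MSFT sub-option 1 must be 4 bytes")
    (flag,) = struct.unpack("!I", value)
    return NBT_STATES.get(flag, "unknown value %d" % flag)

if __name__ == "__main__":
    wanted = encode_suboption(MSFT_NBT_CODE, 2)
    print(wanted, "->", netbios_state(wanted))
```

Running the same parser over a value before pasting it into 'Additional Options' catches a wrong length byte or a missing octet, which the client would otherwise silently ignore.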