Security threat in Windows XP

Posted by Geek

The NetBIOS hack:


NetBIOS is a service that works on port 139. Basic NetBIOS was meant for communicating over a LAN, but the real threat is NetBIOS over TCP/IP.

A user can make a null session, or a session with Administrator as the user, connect to your system using NetBIOS over TCP/IP, and view your shared resources like IPC$, ADMIN$ and C$ by using the following commands.

a) Net Use \\ipaddress\IPC$ "" /USER:"" (null session)
b) Net Use \\ipaddress\IPC$ "" /USER:Administrator (Administrator user with no password; by default Windows XP has no Administrator password set)

Next, one can view shared resources by using the following command:
a) Net View \\ipaddress (it will show all shared resources except IPC$, ADMIN$, etc.)

Solution:
1) Disable the following services. Follow these steps:
a) Open the Run prompt (Windows key+R).
b) Type services.msc
c) Disable TCP/IP NetBIOS Helper.
Disable Server (use this only if you do not have another PC on the LAN to share from). Disabling this service also disables the Net View command and makes your PC more secure. For more information on which services to disable, look in the blog for the post on this topic.

d) Or you can remove the $ shares. For this you have to type the following command:
net share sharename /DELETE
For example: net share admin$ /DELETE

e) The IPC$ share cannot be removed by this command; it will show an access denied error message. For this share you will have to do it manually. Follow these steps:

1) Open the Run prompt (Windows key+R).
2) Type regedit
3) Go to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4) Change the restrictanonymous value to 1.

That's it, now your PC is secure from this threat.
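
To check that the steps above took effect, this added example (not part of the original post) parses saved output of `net share`, `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous` and `sc qc LmHosts`, and lists what is still missing. The sample output is constructed; the service key name LmHosts for TCP/IP NetBIOS Helper and all function names are assumptions of this example.

```python
import re
# Constructed sample output of `net share`, `reg query` and `sc qc` (not from a real host).
NET_SHARE = r"""
Share name   Resource                        Remark
-------------------------------------------------------------------------------
ADMIN$       C:\WINDOWS                      Remote Admin
C$           C:\                             Default share
IPC$                                         Remote IPC
SharedDocs   C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
"""
REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous   REG_DWORD       0x0
"""
SC_QC = """
SERVICE_NAME: LmHosts
        START_TYPE         : 2   AUTO_START
"""

def dollar_shares(net_share_output):
    """Names of the '$' shares listed by `net share`."""
    found = (re.match(r"(\S+\$)(?:\s|$)", ln) for ln in net_share_output.splitlines())
    return [m.group(1).upper() for m in found if m]

def restrict_anonymous(reg_query_output):
    """The restrictanonymous DWORD as an int, or None when the value is absent."""
    m = re.search(r"restrictanonymous\s+REG_DWORD\s+(0x[0-9a-f]+)", reg_query_output, re.I)
    return int(m.group(1), 16) if m else None

def start_type(sc_qc_output):
    """Numeric START_TYPE from `sc qc` (4 means DISABLED), or None."""
    m = re.search(r"START_TYPE\s*:\s*(\d+)", sc_qc_output)
    return int(m.group(1)) if m else None

def audit(net_share_output, reg_query_output, sc_qc_output):
    """Return the hardening steps from the post that are still missing."""
    findings = []
    # IPC$ cannot be deleted (step e), so it is covered by the registry check instead.
    removable = [s for s in dollar_shares(net_share_output) if s != "IPC$"]
    if removable:
        findings.append("$ shares still present: " + ", ".join(removable))
    if (restrict_anonymous(reg_query_output) or 0) < 1:
        findings.append("restrictanonymous is not set to 1")
    if start_type(sc_qc_output) != 4:
        findings.append("TCP/IP NetBIOS Helper is not disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NET_SHARE, REG_QUERY, SC_QC)))
```

Run it again after a reboot: Windows recreates the administrative shares when the Server service starts, so a share removed with net share /DELETE can reappear.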

This entry was posted on Sunday, May 10, 2009.