NetBIOS over TCP/IP
==Security vulnerabilities==
NBT exposes information and interfaces that are often appropriate for a [[Local area network|LAN]] under an organization's administrative control, but which are not appropriate for a less trusted network such as the [[Internet]]. For example, the NetBIOS Name Service (NBNS), running over UDP or TCP port 137, allows any computer to register its hostname with other computers. An attacker could contact any host and claim that they are a particular service the host regularly contacts, such as a file server. This could result in a [[middleperson attack]] against listening hosts, and ultimately in the compromise of credentials used by the listening hosts to access network services over NBT. Tools such as NBNSpoof can be used to perform this attack.<ref>{{Cite web|last=mubix|date=2012-09-01|title=Old School On-target NBNS Spoofing|url=https://malicious.link/post/2012/2012-09-01-old-school-on-target-nbns-spoofing/|access-date=2022-02-02|website=malicious.link|language=en}}</ref><ref>{{Citation|last=Lladro|first=David|title=NBNSpoof - NetBIOS Name Service Spoofer|date=2021-07-02|url=https://github.com/nomex/nbnspoof|access-date=2022-02-02}}</ref>

Exposure of NBT to the Internet also discloses, as a practical matter, that the host answering on NBT ports is running Windows. This can be used to better target malicious activity that might be specific to one operating system.
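Because NBNS accepts a name claim from any host, a monitor can flag positive name query responses for important names that come from, or point to, an address other than the known owner. The following detection sketch is an added example, not part of the original article or of any tool it cites; it assumes broadcast resolution in which the legitimate owner answers for its own name, and the allowlist, host names and addresses are constructed.

```python
import ipaddress
import struct

def sample_response(name, ip):
    """Constructed positive name query response (RFC 1002 layout), demo input only."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + b"\x20"  # 16th byte: suffix
    # First-level encoding: every nibble of the 16-byte name becomes 'A' + nibble.
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    rr = b"\x20" + enc + b"\x00" + struct.pack(">HHIH", 0x20, 1, 300, 6)
    header = struct.pack(">HHHHHH", 0x1234, 0x8500, 0, 1, 0, 0)
    return header + rr + b"\x00\x00" + ipaddress.IPv4Address(ip).packed

def parse_response(pkt):
    """Return (name, answered_ip) for a positive NB name query response, else None."""
    if len(pkt) < 62:
        return None
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    # Require R=1 (response), opcode 0 (query), rcode 0 (positive), one answer.
    if not flags & 0x8000 or flags & 0x780F or ancount < 1:
        return None
    enc = pkt[13:45]
    if pkt[12] != 0x20 or pkt[45] != 0 or any(not 0x41 <= b <= 0x50 for b in enc):
        return None
    rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[46:56])
    if rtype != 0x20 or rclass != 1 or rdlen < 6:
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    name = raw[:15].decode("ascii", "replace").rstrip()
    return name, str(ipaddress.IPv4Address(pkt[58:62]))

def suspect_answers(observed, expected):
    """observed: (src_ip, udp_payload) pairs; expected: {NAME: set of legitimate IPs}."""
    alerts = []
    for src, payload in observed:
        parsed = parse_response(payload)
        allowed = expected.get(parsed[0]) if parsed else None
        # Alert when a protected name is claimed by, or resolved to, an unlisted address.
        if allowed is not None and (src not in allowed or parsed[1] not in allowed):
            alerts.append((parsed[0], src, parsed[1]))
    return alerts

# Constructed sample traffic; names and addresses are made up for this example.
EXPECTED = {"FILESRV01": {"10.0.0.5"}}
OBSERVED = [
    ("10.0.0.5", sample_response("FILESRV01", "10.0.0.5")),    # legitimate owner
    ("10.0.0.66", sample_response("FILESRV01", "10.0.0.66")),  # unlisted claimant
    ("10.0.0.7", sample_response("WKSTN7", "10.0.0.7")),       # name not protected
]
print(suspect_answers(OBSERVED, EXPECTED))
```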