• Microsoft phasing out NetBIOS and LLMNR


    #2441327

    Aligning on mDNS: ramping down NetBIOS name resolution and LLMNR

    The modern standard for multicast name discovery is mDNS. However, Windows supports other multicast name resolution protocols for historical reasons, including NetBIOS name resolution and LLMNR. More details about the documentation for each of these protocols can be found here.

    NetBIOS name resolution and LLMNR are rarely used today. This means that having them enabled needlessly expands the attack surface of devices and increases the load on the networks they use. Disabling these protocols needs to be balanced with real-world deployments which may still depend on them, but it is still the right direction to go.

    NetBIOS name resolution has been turned off by default on cellular interfaces for some time because it should never be applicable there. In the latest Windows Dev and Beta Insider builds, it has been placed in “learning mode” where NetBIOS is only used as a fallback after mDNS and LLMNR queries fail. This means devices will typically stop using NetBIOS name resolution unless it is manually re-enabled because mDNS will most frequently answer first…

    The default LLMNR behavior has not been changed in Windows yet. This will be part of the next steps toward the “mDNS is the only multicast name resolution protocol on by default” goal…

    1 user thanked author for this post.
    • #2441353

      ? says:

      one of the first things i used to turn off on all windows setups. and now on linux too.

      LLMNR=no in /etc/systemd/resolved.conf, then systemctl restart systemd-resolved.service.

      or: https://www.ctrl.blog/entry/how-to-disable-mdns-linux.html

      for mdns called Avahi, i use the nuclear option: sudo systemctl disable avahi-daemon

      but here is a more civilized method:

      https://askubuntu.com/questions/1050480/i-stopped-mdns-with-sudo-service-avahi-daemon-stop-but-it-keeps-restarting

      thank you, Alex…

    • #2441364

      I wonder what the implications of this will be for home networking. Does it mean that each and every computer on the LAN will now need to have a login password, so that you have something to enter when trying to access a different PC from the one you’re at?

      And what does this mean for Linux machines on the network–will it still be possible to browse to Windows PCs from Linux without having to enter usernames and passwords?

      • #2441422

        You can set up the same username/password on the other computer, or set permissions on a folder.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2441375

      To turn off LLMNR in W10 Pro go to Local Group Policy Editor:

      • Computer Configuration
      • Administrative Templates
      • Network
      • DNS Client
      • Turn off multicast name resolution – Set to Enabled.

      To disable NetBIOS Name Resolution

      • Right-Click on your network icon in the Notifications Area (or Network & Sharing Center)
      • Open Network & Internet Settings
      • Change adapter options
      • Right-Click on your network adapter
      • Properties
      • Internet Protocol Version 4 (TCP/IPv4)
      • Properties
      • Advanced
      • WINS Tab
      • Disable NetBIOS over TCP/IP
      • OK all the way out
      • Reboot

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

      2 users thanked author for this post.
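
The two changes described in the post above, as a scripted audit and fix (an added example, not part of the original thread). It assumes the "Turn off multicast name resolution" policy is stored as the `EnableMulticast` DWORD under the DNSClient policy key, and that the WINS tab setting is stored per interface as `NetbiosOptions` under the NetBT service key; the function names and the `-Enforce` switch are made up for this example.

```powershell
# Audit (default) or enforce (-Enforce) the LLMNR and NetBIOS settings from the post.
# Run from an elevated PowerShell prompt; reboot afterwards, as the post advises.
param([switch]$Enforce)

# Registry value behind "Turn off multicast name resolution":
# EnableMulticast = 0 means LLMNR is turned off.
$dnsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'

# Per-interface "NetBIOS over TCP/IP" setting (WINS tab):
# NetbiosOptions 0 = use DHCP setting, 1 = enabled, 2 = disabled.
$netbtIfaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'

function Get-LlmnrState {
    $v = (Get-ItemProperty -Path $dnsPolicy -Name EnableMulticast `
            -ErrorAction SilentlyContinue).EnableMulticast
    # A missing value ($null) is not equal to 0, so it reports as not disabled.
    if ($v -eq 0) { 'Disabled by policy' } else { 'Not disabled by policy' }
}

function Get-NetbiosState {
    Get-ChildItem -Path $netbtIfaces | ForEach-Object {
        $opt = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions `
                  -ErrorAction SilentlyContinue).NetbiosOptions
        [pscustomobject]@{
            Interface      = $_.PSChildName   # Tcpip_{adapter GUID}
            NetbiosOptions = $opt
            Disabled       = ($opt -eq 2)
        }
    }
}

if ($Enforce) {
    # Create the policy key if no DNS Client policy has been set before.
    if (-not (Test-Path $dnsPolicy)) { New-Item -Path $dnsPolicy -Force | Out-Null }
    Set-ItemProperty -Path $dnsPolicy -Name EnableMulticast -Value 0 -Type DWord

    # Disable NetBIOS over TCP/IP on every interface that currently exists.
    Get-ChildItem -Path $netbtIfaces | ForEach-Object {
        Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 -Type DWord
    }
}

"LLMNR: $(Get-LlmnrState)"
Get-NetbiosState | Format-Table -AutoSize
```

Only interfaces present when the script runs are changed, so re-run the audit after adding an adapter. On domain-joined machines a domain Group Policy can overwrite the `EnableMulticast` value.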