Open NetBIOS Report

This report identifies hosts that have the NetBIOS service running and accessible on the Internet.

These services have the potential to be used in amplification attacks by criminals that wish to perform denial of service attacks. Statistics for these hosts can be found here.

The analogous shell command (from a windows box) to identify these hosts would be:

nbtstat -A [ip]

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the DNS response came on (usually UDP)
  • port
    Port that the NetBIOS response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be netbios
  • mac_address
    The media access control (MAC) address that NetBIOS reports that the probed host is using
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • workgroup
    The reported workgroup / domain name that the probed host belongs to
  • machine_name
    The reported NetBIOS name that the probed host is using
  • username
    The possible user that is logged into the probed host

Sample

"timestamp","ip","protocol","port","hostname","tag","mac_address","asn","geo","region","city","workgroup","machine_name","username"
"2014-03-16 00:13:19","118.232.245.224","udp",137,"118-232-245-224.dynamic.kbronet.com.tw","netbios","D4-3D-7E-E1-E8-EE",9924,"TW","T'AI-WAN","TAIPEI","WORKGROUP","WEI",
"2014-03-16 00:13:19","131.193.206.74","udp",137,,"netbios","02-A0-98-12-C2-60",6200,"US","ILLINOIS","CHICAGO","AD","LAS-NETAPP2","LAS-NETAPP2"
"2014-03-16 00:13:19","188.108.94.175","udp",137,,"netbios","02-26-4D-7E-FF-F9",3209,"DE","NIEDERSACHSEN","BRAUNSCHWEIG","WORKGROUP","EASYBOX",
"2014-03-16 00:13:19","150.7.205.59","udp",137,"plzm0841.scc.u-tokai.ac.jp","netbios","40-61-86-D3-86-CD",2907,"JP","TOKYO","TOKYO","WORKGROUP","PLZM0841",
"2014-03-16 00:13:19","199.83.89.41","udp",137,"unassigned.psychz.net","netbios","00-16-3E-14-C7-E2",40676,"US","CALIFORNIA","LOS ANGELES",,,
"2014-03-16 00:13:19","203.94.3.164","udp",137,,"netbios","06-17-5A-00-03-27",17739,"CN","SHANGHAI","SHANGHAI","WORKGROUP","HAPLINK-53FD87A",
"2014-03-16 00:13:19","190.14.237.98","udp",137,"1901423798.ip14.static.mediacommerce.com.co","netbios","00-11-3B-01-56-60",,"CO","RISARALDA","PEREIRA","GRUPO_TRABAJO","MC-FTP1",
"2014-03-16 00:13:19","190.177.250.57","udp",137,"190-177-250-57.speedy.com.ar","netbios","00-00-00-00-00-00",22927,"AR","DISTRITO FEDERAL","BUENOS AIRES","WORKGROUP","DSL_ROUTE","DSL_ROUTE"

Our 73 Report Types