Disabling NetBIOS over TCP/IP for certain connections
I think your NetBIOS filtering policy is interesting, although I think you might have the same effect if you just disable NetBIOS over TCP/IP for certain connections. I have a domain controller at home with an internal NIC and another to create a VPN to my ISP. I disabled the NetBIOS over TCP/IP for this VPN, which has somewhat the same effect as your filter policy. Or am I incorrect?
You are correct. Using IPsec to filter NetBIOS is useful if you need to allow certain NetBIOS connections on a particular interface (from administrative workstations, for example), but do not want to leave NetBIOS connections open "to the world."
This was first published in September 2003