NETBEUI protocol is actually a local extension of NETBIOS, which is used for interworking between different computer networks. However, the uninstallation of NETBEUI protocol is not as simple as removing it from the protocol group.
Check the log and find suspicious points:
Event Type: Error
Event Source: Service Control Manager
Event category: None
Event ID: 7000
Date: July 3, 2006
Time: 9: 54: 24 a.m.
User: Not applicable
Computer: gg
Description:
The NetBEUI protocol service failed to start due to the following error:
The system cannot find the specified file.
The original protocol is still in the system, which is a startup failure message.
So check the registry immediately:
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ Nbf
Seeing the information of NETBEUI, NETBEUI in the original system has not been deleted.
We know that the password of the system is checked according to the length data sent. When sending a password authentication package, you can set the length field to "1" and send a plaintext password of 1 byte. The verification program will compare the sent password with the first byte of the saved plaintext password, and if they match, it is considered to have passed the verification. Especially as a NETBIOS protocol, the loopholes are very big.
Check whether the Internet connection and NETBIOS over TCP/IP are disabled. At this time, we can find the root of the problem.
Using the system's port monitoring natstat -an sees tcpdump: listening to 7777, and sure enough, the port is occupied.
Go back to the registry, delete the information of NETBEUI protocol, restart, connect, everything is normal.
TCP 7777=NetSpy(YAI), which uses the 7777 port of the system. NETBEUI was used at that time. Although the protocol disappeared from the protocol group, the registry and configuration information still exist. Therefore, when there is a TCP data connection, the system naturally opens port 7777 to find the data stream of NETBEUI protocol and generates an error log.