Last Updated On October 17, 2018
Disabling LLMNR and NBNS in environments where they are not needed prevents LLMNR/NBNS poisoning attacks. Unfortunately, Microsoft enables both by default, which could allow a malicious attacker to perform eavesdropping attacks and discover valuable data.
Disabling LLMNR via Group Policy Object (GPO)
To disable LLMNR via GPO on a Microsoft Windows system, follow the steps below:
- Open Group Policy Editor by navigating to Start -> Run (or Windows + R shortcut)
- Type in gpedit.msc
- Press the Enter key.
- Within the Local Group Policy Editor, navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> DNS Client.
- Select the option for Turn off Multicast Name Resolution.
- By default, this option will be set to Not Configured. Change this option to Enabled to make this policy effective.
Once configured, you can enforce this policy immediately through the following steps:
- Open the Microsoft Windows Command Line by navigating to Start -> Run (or Windows + R shortcut).
- Type in cmd
- Press the Enter key.
- Within the Command Line window, type in gpupdate /force to enforce Group Policy changes.
Disabling NBNS via Network Interface Card (NIC) Properties
To disable NetBIOS over TCP/IP, follow the procedures below:
- Open the Run dialog by navigating to Start -> Run (or Windows + R shortcut).
- Type in ncpa.cpl and press Enter to quickly navigate to the Network Connections section of the Control Panel.
- Right-click on one of the local interfaces (preferably the one connected to the local network) and select Properties.
- In the Properties window, go to Internet Protocol Version 4 (TCP/IPv4) and select Properties.
- Click on the Advanced button in the IPv4 properties window.
- Navigate to the WINS tab.
- Select Disable NetBIOS over TCP/IP.
- Click OK and close out the remaining windows.
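Both procedures above (the LLMNR policy and the per-adapter NetBIOS setting) can be verified, and optionally enforced, from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes the registry locations Windows uses for these settings (the `EnableMulticast` policy value and the per-interface `NetbiosOptions` value), and the `-Apply` switch and `Get-RegValue` helper are hypothetical names introduced here.

```powershell
# Added example: audit (and with -Apply, enforce) the two settings described above.
# Run from an elevated PowerShell prompt.
param([switch]$Apply)

# Registry value written by the "Turn off Multicast Name Resolution" policy.
$llmnrKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
# Per-interface NetBIOS over TCP/IP settings (one subkey per adapter).
$netbtRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# --- LLMNR: EnableMulticast = 0 means the policy is Enabled (LLMNR off) ---
if ($Apply) {
    if (-not (Test-Path $llmnrKey)) { New-Item -Path $llmnrKey -Force | Out-Null }
    Set-ItemProperty -Path $llmnrKey -Name EnableMulticast -Value 0 -Type DWord
}
$multicast = Get-RegValue $llmnrKey 'EnableMulticast'
[pscustomobject]@{
    Setting  = 'LLMNR'
    Target   = 'DNS Client policy'
    Value    = if ($null -eq $multicast) { 'Not Configured' } else { $multicast }
    Disabled = ($multicast -eq 0)
}

# --- NBNS: NetbiosOptions 0 = use DHCP setting, 1 = enabled, 2 = disabled ---
Get-ChildItem -Path $netbtRoot | ForEach-Object {
    if ($Apply) {
        Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 -Type DWord
    }
    $opt = Get-RegValue $_.PSPath 'NetbiosOptions'
    [pscustomobject]@{
        Setting  = 'NetBIOS over TCP/IP'
        Target   = $_.PSChildName          # Tcpip_{interface GUID}
        Value    = $opt
        Disabled = ($opt -eq 2)
    }
}
```

Any row with `Disabled = False` marks a host or adapter that still answers LLMNR or NBNS queries. On domain-joined machines a domain GPO overrides the locally written LLMNR value at the next policy refresh.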