You have such a great sense of humour! :o) Actually, I'm proceeding by memory and my memory is not all that great these days! A couple of years ago, we (actually the govt at that time) removed all netbios and specifically the use of any lmhost files on all machines. If I remember correctly, it was mostly for the reason that if access to one system is achieved, the hacker basically then had access to any other systems that machine could connect to. I agree with you that the primary vulnerabilities are in netbios though, not the lmhost file in itself. However, I would have to check historical documents (yuck) to make sure that it was the only vulnerability (I'm not likely to do that :o) and since I'm not as young as I used to be, I don't trust my memory anymore to be correct!

Tracy

>Tracy,
>
>Yes, I was thinking that the primary danger would be in the event a hacker got access to your machine, the LMHOSTS file would be useful to them. But if a hacker gets that kind of access to your machine, all sorts of bad stuff can happen.
>
>So, assuming you are behind a firewall, and that your machine is otherwise airtight, the LMHOSTS file by itself is not be a problem. Correct?
>
>Your security knowledge and experience is greater than mine, even if my name is Steve Gibson *grin*
>
>
>>You are correct. I should've pointed to a better link. However, I believe that using the lmhosts file is dangerous. It's been awhile since I've worked solely with netbios, but if I remember correctly, all a hacker has to do is read the information in your lmhosts file and they have all of the network shares you use if they are in there. Access to your machine now gives them easy access to the machines you connect to. Also, once the location of your lmhosts file is found and they have access to your system, they can include your lmhost information into their own using: #INCLUDE \\MARKETING1\public\lmhosts and the MARKETING1 can be replaced with your ip address.
>>