Got caught by Samba and Windows NT PDC

Luke Kenneth Casson Leighton lkcl at switchboard.net
Wed Jan 20 17:42:12 GMT 1999


> Does this qualify as a true DoS?  Can a *remote* network generate the
> necessary packets to break an already-activated PDC?

sure.  all you have to do is to get DOMAIN_NAME<1b> registered with the
WINS server and keep sending it on any broadcast-isolated subnets.

you get round the problem by blocking 137 at the firewall and by
registering DOMAIN_NAME<1b> as a static name in the WINS server database
and by adding #PRE DOM DOMAIN_NAME<1b> in lmhosts, see lmhosts.sam on each
and every individual nt wksta, don't ask me for details :-)

luke



More information about the samba-technical mailing list