Got caught by Samba and Windows NT PDC
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Jan 20 17:42:12 GMT 1999
> Does this qualify as a true DoS? Can a *remote* network generate the
> necessary packets to break an already-activated PDC?
sure. all you have to do is to get DOMAIN_NAME<1b> registered with the
WINS server and keep sending it on any broadcast-isolated subnets.
you get round the problem by blocking 137 at the firewall and by
registering DOMAIN_NAME<1b> as a static name in the WINS server database
and by adding #PRE DOM DOMAIN_NAME<1b> in lmhosts, see lmhosts.sam on each
and every individual nt wksta, don't ask me for details :-)
More information about the samba-technical