NetBIOS name server protocol spoofing

Steve Langasek vorlon at
Fri Aug 4 15:35:39 GMT 2000

On Fri, 4 Aug 2000, Peter Polkinghorne wrote:

> Summary: machines can be asked to give up NetBios names, by means of
> name conflict and name release requests.

> I did have a quick look at the code, but apart from no obvious ref to
> conflict packets could not determine.
> Is Samba vulnerable to this problem?

> Here is the Microsoft take on it (very carefully worded):


> Their fix is to have a registry setting to ignore such packets.  They point
> out that this is potentially dangerous.  I do not think this is a big
> issue - it is just another DoS attack.

AFAIK, sending a netbios packet will not cause a Samba server to give up its
name on the network.  Samba is very persistent in this regard -- it will
continue trying to claim the name (and anything else it's configured for) no
matter what other machines on the network might tell it.  I believe this name
conflict / name release 'feature' of NT is also what allows you to hijack an
NT domain when the PDC reboots..

Steve Langasek
postmodern programmer

More information about the samba-technical mailing list