NetBIOS name server protocol spoofing
Steve Langasek
vorlon at netexpress.net
Fri Aug 4 15:35:39 GMT 2000

On Fri, 4 Aug 2000, Peter Polkinghorne wrote:
> Summary: machines can be asked to give up NetBIOS names, by means of
> name conflict and name release requests.
> I did have a quick look at the code, but apart from no obvious ref to
> conflict packets could not determine.
> Is Samba vulnerable to this problem?
> Here is the Microsoft take on it (very carefully worded):
> http://www.microsoft.com/technet/security/bulletin/fq00-047.asp
> Their fix is to have a registry setting to ignore such packets. They point
> out that this is potentially dangerous. I do not think this is a big
> issue - it is just another DoS attack.

AFAIK, sending a NetBIOS packet will not cause a Samba server to give up its
name on the network. Samba is very persistent in this regard -- it will
continue trying to claim the name (and anything else it's configured for) no
matter what other machines on the network might tell it. I believe this name
conflict / name release 'feature' of NT is also what allows you to hijack an
NT domain when the PDC reboots.

Steve Langasek
postmodern programmer
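
Added example, not part of the original post and not Samba's code: a minimal classifier for NBNS datagrams (UDP port 137, header layout per RFC 1002) that flags the two packet types discussed in this thread, name release requests and name conflict demands, so they can be logged or alerted on. The function names and the sample packets (host name FILESRV included) are constructed for illustration.

```python
import struct

OPCODE_REGISTRATION, OPCODE_RELEASE = 0x5, 0x6
RCODE_CFT_ERR = 0x7  # "name in conflict" result code (RFC 1002)

def decode_name(buf, off):
    """Decode a first-level-encoded NetBIOS name at buf[off] -> (name, suffix)."""
    if len(buf) < off + 34 or buf[off] != 0x20:
        raise ValueError("not a 32-byte encoded NetBIOS name")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):  # each nibble is 'A'..'P'
        raise ValueError("invalid name encoding")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("latin-1").rstrip(), raw[15]

def classify(pkt):
    """Return (kind, name, suffix); kind is None for other NBNS traffic."""
    if len(pkt) < 12:
        raise ValueError("short NBNS header")
    _tid, flags, qd, an, _ns, _ar = struct.unpack(">6H", pkt[:12])
    response = bool(flags & 0x8000)   # R bit
    opcode = (flags >> 11) & 0xF
    rcode = flags & 0xF
    name, suffix = decode_name(pkt, 12)
    if not response and opcode == OPCODE_RELEASE and qd == 1:
        return "name-release-request", name, suffix
    # A conflict demand has the same shape as a negative registration
    # response with CFT_ERR; a stateful monitor would also check whether
    # the transaction ID matches a registration this host actually sent.
    if response and opcode == OPCODE_REGISTRATION and rcode == RCODE_CFT_ERR and an == 1:
        return "name-conflict", name, suffix
    return None, name, suffix

def _encode(name, suffix):
    """Helper used only to build the constructed samples below."""
    raw = name.ljust(15).encode("latin-1") + bytes([suffix])
    return b"\x20" + bytes(b for c in raw
                           for b in (0x41 + (c >> 4), 0x41 + (c & 0xF))) + b"\x00"

# Constructed samples: header plus name field is enough for classification.
SAMPLE_RELEASE = struct.pack(">6H", 0x1234, 0x3000, 1, 0, 0, 1) + _encode("FILESRV", 0x20)
SAMPLE_CONFLICT = struct.pack(">6H", 0x1235, 0xAD87, 0, 1, 0, 0) + _encode("FILESRV", 0x20)
SAMPLE_QUERY = struct.pack(">6H", 0x1236, 0x0110, 1, 0, 0, 0) + _encode("FILESRV", 0x20)

if __name__ == "__main__":
    for pkt in (SAMPLE_RELEASE, SAMPLE_CONFLICT, SAMPLE_QUERY):
        print(classify(pkt))
```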