Slashdot Mirror

← Back to Stories (view on slashdot.org)

NetBIOS Design Allows Traffic Redirection

Posted by Soulskill on from the you-can't-get-there-from-here dept.

iago-vL writes "Security researchers at SkullSecurity have demonstrated how the NetBIOS protocol allows trivial hijacking due to its design, through the use of a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc). Other attack vectors are discussed in a related blog post. Although similar attacks exist against DHCP, ARP and many other LAN-based protocols, we all know that untrusted systems on a LAN means game over. NetBIOS poisoning is much quieter and less likely to break other things."

6 of 68 comments (clear)

  1. Re:Samba 3 Domain Controllers and Mutant NT Domain by lukas84 · · Score: 1, Insightful

    Samba is still stuck in NT4 times. That's why everyone should get rid of it. The hacks needed to make it work with Windows 7 alone show the age of the software.

    I'm aware that the development to get Samba up to the level of WS08R2 is in the work, but it's nowhere near where Microsoft is right now.

  2. Re:Samba 3 Domain Controllers and Mutant NT Domain by lukas84 · · Score: 2, Insightful

    Yep. The difference is that you blame Windows and i blame Samba.

  3. Re:Trivially Preventable by squiggleslash · · Score: 3, Insightful

    The registry tweaks to...

    I don't think "Trivially Preventable" means the same thing to you compared to the majority of Windows users.

    --
    You are not alone. This is not normal. None of this is normal.
  4. DEAR GOD by Anonymous Coward · · Score: 1, Insightful

    WHAT IS WRONG WITH YOU?

  5. In other news... by CPE1704TKS · · Score: 3, Insightful

    the security for the horse and buggy was compromised by experts who simply offered the horse a carrot. This allowed full access and control to the vehicle. Experts are at a loss to fix this security hole, and are actively encouraging users to upgrade to a newer technology.

  6. Re:Samba 3 Domain Controllers and Mutant NT Domain by Bert64 · · Score: 2, Insightful

    The problem is that MS implement something, and samba has to play catch up... If samba would implement something first, MS would simply ignore it and do their own thing instead.
    Also if MS implements something, they keep it as secret and obfuscated as possible - making it difficult for someone else to reverse engineer and implement, groups like samba openly document what they do making it easy for third parties to create their own implementations.

    What we really need are standards which are decided independently, with equal access for everyone.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!