Slashdot Mirror


NetBIOS Design Allows Traffic Redirection

iago-vL writes "Security researchers at SkullSecurity have demonstrated how the NetBIOS protocol allows trivial hijacking due to its design, through the use of a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc.). Other attack vectors are discussed in a related blog post. Although similar attacks exist against DHCP, ARP and many other LAN-based protocols, we all know that untrusted systems on a LAN means game over. NetBIOS poisoning is much quieter and less likely to break other things."

2 of 68 comments

  1. Does anyone use NetBIOS anymore? by Arker · Score: 2, Interesting

    I remember I used to use it in the mid 90s, I actually found it quite useful because it is (was?) an unroutable protocol - IIRC it could be set up so that Windows shares were available only through NetBIOS and thus only across one local segment. A couple of other admins were pulling their hair out trying to figure out how to keep those shares from being exploited without cutting them off entirely (and making the users very unhappy) and binding them to NetBIOS only seemed to do the trick nicely. Of course we had control of the local segment and the users who needed the shares were all on it - otherwise it wouldn't have been very useful. But it's been ages since I remember using it for anything at all.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  2. NetBIOS is DNS with enhancements by lkcl · Score: 2, Interesting

    examination of RFC1001 shows that the NetBIOS protocol is actually DNS with enhancements and a few different meanings of some of the bits. there is therefore absolutely no reason why NetBIOS should not have the DNSSEC security system added to it. ... except, that would mean that microsoft had to do some work, on some code that was written well over twenty years ago. so the trouble is that microsoft doesn't actually have anyone left at the company who understands what was written, let alone why it was written.

    and neither really does anyone else. incredibly, comparison of NetBIOS to the Mobile IPv6 protocols developed a few years ago showed the *Mobile IPv6* protocols to be severely lacking.

    the entire NetBIOS protocol, apart from the obvious lack of security (because it was designed for LAN use) is incredibly far-sighted.
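
As an added example (not from the submission, the comments, or nbtool): a detection sketch for the behaviour the summary describes. It parses NetBIOS name service packets, whose 12-byte header has the DNS layout mentioned in the second comment, and flags any host that returns a positive answer for a canary name the defender queried and that no machine owns. The canary name, the addresses, and the sample packets are constructed for illustration.

```python
import struct

NB = 0x0020  # RR type NB (RFC 1002); the 12-byte header uses the DNS layout

def encode_name(name, suffix=0x00):
    # First-level encoding: pad to 15 chars + suffix byte, then each nibble + 'A'
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return b"\x20" + bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 15))) + b"\x00"

def decode_name(buf, off):
    if buf[off] != 32:
        raise ValueError("not a first-level encoded NetBIOS name")
    enc = buf[off + 1:off + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15], off + 34

def parse_nbns(buf):
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">6H", buf[:12])
    name, _suffix, off = decode_name(buf, 12)
    msg = {"response": bool(flags & 0x8000), "rcode": flags & 0x000F,
           "name": name, "addr": None}
    if msg["response"] and ancount:
        # Answer RR after the name: TYPE, CLASS, TTL, RDLENGTH, NB_FLAGS, NB_ADDRESS
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", buf[off:off + 10])
        if rtype == NB and rdlen >= 6 and len(buf) >= off + 16:
            msg["addr"] = ".".join(str(b) for b in buf[off + 12:off + 16])
    return msg

def find_canary_answers(packets, canaries):
    """packets: (src_ip, udp_payload) pairs seen on UDP/137; returns spoofed answers."""
    alerts = []
    for src, payload in packets:
        try:
            msg = parse_nbns(payload)
        except (ValueError, struct.error, IndexError):
            continue  # not NBNS, or malformed
        if msg["response"] and msg["rcode"] == 0 and msg["addr"] and msg["name"] in canaries:
            alerts.append((src, msg["name"], msg["addr"]))
    return alerts

def sample_query(txid, name):  # constructed sample traffic, built in memory only
    return struct.pack(">6H", txid, 0x0110, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", NB, 1)

def sample_answer(txid, name, ip):
    rr = struct.pack(">HHIHH", NB, 1, 300, 6, 0) + bytes(int(o) for o in ip.split("."))
    return struct.pack(">6H", txid, 0x8500, 0, 1, 0, 0) + encode_name(name) + rr

CANARY = "ZQXJ-CANARY-01"  # assumed: a name the defender queried that no host owns
CAPTURE = [("192.0.2.10", sample_query(1, CANARY)), ("192.0.2.66", sample_answer(1, CANARY, "192.0.2.66")),
           ("192.0.2.20", sample_answer(2, "FILESRV", "192.0.2.20")), ("192.0.2.99", b"\x00junk")]
```

In the constructed capture only 192.0.2.66 is reported: the defender's own query, the answer for a real name, and the malformed payload are ignored.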