NetBIOS Design Allows Traffic Redirection

Posted by Soulskill on Friday December 25, 2009 @10:14PM from the you-can't-get-there-from-here dept.

iago-vL writes "Security researchers at SkullSecurity have demonstrated how the NetBIOS protocol allows trivial hijacking due to its design, through the use of a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc). Other attack vectors are discussed in a related blog post. Although similar attacks exist against DHCP, ARP and many other LAN-based protocols, we all know that untrusted systems on a LAN means game over. NetBIOS poisoning is much quieter and less likely to break other things."

2 of 68 comments (clear)

Min score:

Reason:

Sort:

Eat a dick by Anonymous Coward · 2009-12-25 22:21 · Score: -1, Troll

F/P
Fix is already here. by Anonymous Coward · 2009-12-25 22:22 · Score: -1, Troll

Do article submitters even read their stories?
Fix is here, and demonstrated by this German hacker from California.
With all the excess going on these days, I wouldn't mind spending some of my Amero non-US Dollars left-over from the last IRS-raid to buy some Hope and Loose Change.