OOB Quick Fix

[aleph1 () DFW NET (Aleph One)]

http://www.secant.net/

Secant Computing Systems, Incorporated

   Microsoft Windows NT Port 139 Fix - Saturday, May 10, 1997
   The Kegs Approach
     _________________________________________________________________

   Binding Configuration The following steps apply to version 4.0.
    1. Go into Control Panel -> Network -> Bindings Tab
    2. Drop down the list for "Show Bindings for:" and select "all
       adapters"
    3. Find the WAN Wrapper that says "Remote Access WAN Wrapper"
    4. Expand it so you see WINS Client(TCP/IP)
    5. Select the WINS Client(TCP/IP) and click the DISABLE button
    6. Reboot System

   Note: When you log into NT4, you will get a message window that says
   certain services or drivers didn't start. This is ok and will happen
   each time you reboot, but shouldn't happen if you log into another
   account.


   Background Information - Courtesy of bugtraq () netspace org

   It is possible to remotely cause denial of service to any Windows 95
   or Windows NT user. It is done by sending OOB (Out Of Band) data to an
   established connection with a Windows user. NetBIOS [139] seems to be
   the most effective since this is a part of Windows. Apparently Windows
   doesn't know how to handle OOB, so it panics and crazy things happen.
   Reports have been heard of everything from Windows dropping carrier to
   the entire screen turning white. Windows also sometimes has trouble
   handling anything on a network at all after an attack like this. A
   reboot fixes whatever damage this causes.



   Solution courtesy of Keith Gamard and the #Windows ops on EFnet.
   Web page by Brett A. Erkman
   This page may not be reproduced in any means without express written
   consent from the authors.