Bugtraq mailing list archives
Re: Invalid WINS entries
From: Paul L Schmehl <pauls () UTDALLAS EDU>
Date: Wed, 17 Jan 2001 23:00:59 -0600
(Posted to BUGTRAQ and mailed to David Byrne.) I reported this problem to Microsoft, NTBUGTRAQ and the Samba folks (PR#10706) over two years ago. (10/23/98) I posted an explanation to NTBUGTRAQ on March 2, 1999. We were able to capture logins using a Red Hat box running Samba (1.9.18p5) "masquerading" as a DC and compile a list of username/password combos in clear text. We were also able to create a DoS condition in the domain, where logins began to fail throughout the network. MS's response was that because WINS uses NetBIOS, which has no security capabilities, there was no way to prevent that sort of hijacking. Their answer is Active Directory, Kerberos and DNS. We were not able to find a way to exploit it remotely **if** you are blocking NetBIOS at the DMZ, as you should be (both outgoing and incoming.) --On Wednesday, January 17, 2001 4:35 PM -0500 "Byrne, David" <dbyrne () TIAA-CREF ORG> wrote:
After playing around with some WINS problems we were having, I discovered something that doesn't seem to bother very many people. WINS does nothing to verify the 1Ch (domain controllers) registrations sent to it.
Paul L. Schmehl, pauls () utdallas edu Supervisor, Support Services The University of Texas at Dallas
Current thread:
- Invalid WINS entries Byrne, David (Jan 17)
- Re: Invalid WINS entries Attonbitus Deus (Jan 18)
- Re: Invalid WINS entries 3APA3A (Jan 18)
- Re: Invalid WINS entries Paul L Schmehl (Jan 18)
- <Possible follow-ups>
- Re: Invalid WINS entries Fulton L. Preston Jr. (Jan 18)
- Re: Invalid WINS entries Byrne, David (Jan 18)
- Re: Invalid WINS entries Attonbitus Deus (Jan 18)
- Re: Invalid WINS entries Russ (Jan 19)