September 7th, 2003, 01:24 AM
Flaw in NetBIOS Leads to Information Disclosure
Network basic input/output system (NetBIOS) is an application-programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network. This vulnerability involves one of the NetBT (NetBIOS over TCP) services, namely, the NetBIOS Name Service (NBNS). NBNS is analogous to DNS in the TCP/IP world and it provides a way to find a system's IP address given its NetBIOS name, or vice versa. Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system's memory. This data could, for example, be a segment of HTML if the user on the target system was using an Internet browser, or it could contain other types of data that exist in memory at the time that the target system responds to the NetBT Name Service query. An attacker could seek to exploit this vulnerability by sending a NetBT Name Service query to the target system and then examine the response to see if it included any random data from that system's memory. If best security practices have been followed and port 137 UDP has been blocked at the firewall, Internet based attacks would not be possible.
September 7th, 2003, 01:48 AM
Where are your sources?
Hate to rain on your parade, but you've posted several times without mentioning a source. Don't plagiarize, it is looked down upon here at AO.
And besides, your post is old news. Any smart user would disable NetBIOS.
Just my 2 cents.
It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.
September 7th, 2003, 01:50 AM
September 7th, 2003, 04:36 AM
nc -vv -z -w2 127.0.0.1 1-65024
yes, disable NetBIOS entirely...unless of course you are using it.
(http://www.grc.com/) has some interesting ideas about NetBIOS and enabling/disabling it.
Thanks for the info...but it is, or should be, rather well known amongst penetration specialists that ports 137-139, inclusive, invoke tons of crap! Have a nice day/night all...
The hinge of sorcery is the assemblage point.