Bugtraq mailing list archives
Re: NT security et al (Dangers of NetBIOS/NBT?)
From: nal () spirit com au (Nick and Debbie Leask)
Date: Thu, 26 Sep 1996 19:44:07 +1000
I've read fairly similar sentiments about having NetBIOS or NBT floating around on our internet/firewall subnets, but I've not heard anyone discussing exactly what the dangers of this are. There are obvious 'pain's in the butt' when this is happening (such as lots of unnecessary deny messages logged against firewall bastion or router logs), but that's about all... Can some one expand in detail what the known or perceived dangers of NetBIOS or NBT are? What I have done so far (due to this fear of NetBIOS/NBT) is disable all NetBIOS/NBT portions of NT, unbind them from the NIC and delete the related .EXE's and .DLL's. This solves the problem period. The only downside is that you can't have servers in this state participating in a domain, but that just offers further possible dangers anyway... Any insight into this would be much appreciated. Cheers Nick Leask ---------- From: *Hobbit*[SMTP:hobbit () avian org] Sent: Thursday, September 26, 1996 3:07 AM To: Multiple recipients of list BUGTRAQ Subject: NT security et al I've been screwing around some with netbios in general, and being more or less horrified [but not surprised, this is microsnot after all]. I've learned that one hack you can do in the absence of any other overall defenses is to use a non-null SCOPE ID. They don't recommend it but that's probably just because of the potential administrative headaches in manually changing the scope on every machine in a facility. The scope ID would be sort of a "global password" to your netbios service, sort of the same way as YP domains, so it needs to be nonobvious and kept within your walls. Better than nothing, though... Unfortunately the right place to set it seems to be buried under obscure and ill-named menu items that vary from platform, so you'll have to hunt around. _H*
Current thread:
- Re: NT security et al (Dangers of NetBIOS/NBT?) Nick and Debbie Leask (Sep 26)
- Re: NT security et al (Dangers of NetBIOS/NBT?) Alan Cox (Sep 27)
- <Possible follow-ups>
- Re: NT security et al (Dangers of NetBIOS/NBT?) Jacob Langseth (Sep 27)
- Re: NT security et al (Dangers of NetBIOS/NBT?) Dan Shearer (Sep 27)
- Re: NT security et al (Dangers of NetBIOS/NBT?) Scriptors of DOOM (Sep 27)