Bugtraq mailing list archives
Re: Invalid WINS entries
From: "Byrne, David" <dbyrne () TIAA-CREF ORG>
Date: Thu, 18 Jan 2001 12:57:06 -0500
First, I think you're right about the secure channel for NT, but does this apply to 9x as well?

Second, even though a bogus DC won't participate in a domain, it will still register itself in the 1C record. Try it if you don't believe me.

I also disagree that an H-node configuration is "properly configured". NetBIOS broadcasts only allow you to query your network segment (assuming you aren't forwarding broadcasts). This system might work fine in a small environment, but P-node is the only way to go for an enterprise-scale operation.

David Byrne, MCSE
TIAA CREF

-----Original Message-----
From: Attonbitus Deus [mailto:Thor () HAMMEROFGOD COM]
Sent: Wednesday, January 17, 2001 5:54 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Invalid WINS entries

It doesn't work that way. If you put a bogus BDC on the LAN, the server service won't even start unless its computer account is verified against the DC based on the SID. Same with putting a bogus PDC with the same domain name... A workstation won't even set up a secure channel in the first place unless its account is verified, which must happen before the challenge/response takes place (insofar as NtLmSsp is concerned).

Granted, you could screw with WINS a bit, but even then the IP stack will fall back on broadcast to find a 'real' DC if you have properly configured your node type to 0x8 (Hybrid).

If you are already on the LAN to the point of doing all this stuff, just capture SMB packets over a few days---