Security Incidents mailing list archives
Re: NetBIOS info
From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Mon, 27 Mar 2000 13:06:26 -0800
-----Original Message----- From: Bill Pennington Sent: Wednesday, March 22, 2000 3:37 PM Subject: Re: NetBIOS info Great stuff. Thanks Robert! A few comments... Maybe more along the line of a rant but... It just seems a little silly to me that in order to prevent this stuff from landing on my link I need to setup PTR records for all my boxes. What if I do not want PTR records (for whatever sick and twisted reason) now I have to put up with all this cruft getting shoved down my pipe. I think we can agree that not everyone is going to have PTR records setup or even configured correctly to stop this stuff. It looks like a big bandwidth hog to me. If gethostbyaddr fails then let it fail no need to send out more packets. Also someone sent me an e-mail wondering if you could use this as an attack method. It would seem like an easy way to guess the OS without ever sending a probe packet to the host. If you had some Netbios bomb or auto windows hack tool you could setup a site, wait to get some Netbios request then attack. I am sure there is a better way to handle it but that is a topic for Vuln-dev not here. Ok of the soapbox... :-)
Don't get mad; get even. I've written a little utility that simply reflects NetBIOS queries back at the sender, and saves their responses to a file. It is at: http://www.robertgraham.com/src/soibten.c Of course, this is likely to do you more harm than good (to you), but at least you get to scan all those pesky windows users. The cool part is that it seems to penetrate NATs, stateful firewalls, and legal barriers. (i.e. this isn't code, but a philosophical statement). Robert Graham
Current thread:
- Re: Odd UPD scan, (continued)
- Re: Odd UPD scan Bill Pennington (Mar 16)
- Re: Odd UPD scan Graeme Fowler (Mar 20)
- Re: Odd UPD scan Grzegorz Janoszka (Mar 17)
- Re: Odd UPD scan Randy Mclean (Mar 17)
- Re: Odd UPD scan Rainer Weikusat (Mar 17)
- Re: Odd UPD scan Bill Pennington (Mar 20)
- Re: Odd UPD scan Pavel Kankovsky (Mar 21)
- NetBIOS info Robert Graham (Mar 21)
- Re: NetBIOS info Bill Pennington (Mar 22)
- Strange probe Stuart Staniford-Chen (Mar 24)
- Re: NetBIOS info Robert Graham (Mar 27)
- Syn scans to 4045 Joey McAlerney (Mar 27)
- Re: Odd UPD scan Bill Pennington (Mar 16)