Vulnerability Development mailing list archives

Re: WINS attack?


From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Thu, 10 Feb 2000 20:59:44 -0800


Bryce Walter wrote:

> Has anybody looked at the possibility of stealing WINS registrations?
>
> Spoof the name/service release of a server then register that name to your
> own IP.  I'm not sure right off what that would get you (besides a DoS), but
> it could be an interesting exercise.


It's better than a DoS.  You pretend to be a domain controller, and all
the machines will try to use you for authentication.  Makes the sniffing
feature of L0phtcrack very useful in a switched or WAN environment.  Of
course, you'll be easy to track down if the admins have any clue.

Unless you point at your neighbor instead, on the same repeated segment.
Watch him get busted instead.

WINS will believe anyone.  I had an ISDN user set up his home machine
as a PDC once, for our main security domain.  When he dialed up and
registered with WINS, every machine tried to authenticate with him
across the ISDN line.  Joy.

The L0pht guys have been promising a tool along these lines as
part of a disservice pack for NT for a couple of years.  I don't
know if that's changed given what they're doing with products
as part of the @stake merger.  Comments, Mudge?

                                        BB
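As an added example for this thread (not code from the post, from L0pht, or from any WINS implementation), the two NetBIOS Name Service messages the exchange above turns on, a name release followed by a name registration for the same name, built and decoded per RFC 1002 sections 4.2.2 and 4.2.9, plus a check that walks a capture and reports a name released by one address and registered by another. The domain name CORP, the addresses 10.0.0.5 and 10.0.0.99 and the transaction IDs are constructed for the example; the 1Ch and 1Bh suffixes are the Windows conventions for the domain controller group name and the PDC name, not something the RFCs define. Nothing here is sent on the wire.

```python
"""NetBIOS Name Service (NBNS, the protocol WINS speaks) name registration
and name release requests, built and parsed per RFC 1002 sections 4.2.2 and
4.2.9.  Added example for this thread, not code from the original post or
from L0phtcrack; all names, addresses and transaction IDs below are
constructed, and nothing is put on the wire."""
import struct

OPCODE_REGISTRATION = 0x5
OPCODE_RELEASE = 0x6
NB_TYPE = 0x0020          # QUESTION_TYPE / RR_TYPE "NB"
IN_CLASS = 0x0001
NM_FLAG_RD = 0x10         # recursion desired: set on unicast requests to the NBNS
# 16th-byte suffixes Windows uses for domain-related names (the RFCs leave the
# suffix byte to the application)
SUFFIX_WORKSTATION = 0x00
SUFFIX_DOMAIN_CONTROLLERS = 0x1C    # <domain>[1Ch]: domain controller group name
SUFFIX_PDC = 0x1B                   # <domain>[1Bh]: primary domain controller
ONT_P_NODE = 1                      # owner node type: point-to-point (uses the NBNS)


def encode_name(name: str, suffix: int) -> bytes:
    """First-level encoding (RFC 1001 14.1): pad the name to 15 bytes, append the
    suffix byte, then split every byte into two nibbles and add 'A' to each,
    giving 32 ASCII letters."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    out = bytearray()
    for b in raw:
        out += bytes([ord("A") + (b >> 4), ord("A") + (b & 0x0F)])
    return bytes(out)


def decode_name(encoded: bytes):
    """Inverse of encode_name: returns (name, suffix)."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 bytes")
    raw = bytes(((encoded[i] - ord("A")) << 4) | (encoded[i + 1] - ord("A"))
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15]


def build_request(opcode, trn_id, name, suffix, ip, ttl, group=False, ont=ONT_P_NODE):
    """Unicast name registration (opcode 5) or name release (opcode 6) request.
    Both carry one question naming the NetBIOS name and one additional RR with
    the claimed owner address.  Note what is NOT here: no authenticator of any
    kind, which is why the NBNS takes the packet at face value."""
    nm_flags = NM_FLAG_RD if opcode == OPCODE_REGISTRATION else 0
    flags = (opcode << 11) | (nm_flags << 4)          # R=0, RCODE=0
    header = struct.pack("!HHHHHH", trn_id, flags, 1, 0, 0, 1)
    question = (b"\x20" + encode_name(name, suffix) + b"\x00"
                + struct.pack("!HH", NB_TYPE, IN_CLASS))
    nb_flags = (int(group) << 15) | (ont << 13)        # G bit, ONT bits
    rdata = struct.pack("!H4B", nb_flags, *(int(o) for o in ip.split(".")))
    additional = (b"\xC0\x0C"                          # pointer to the question name
                  + struct.pack("!HHIH", NB_TYPE, IN_CLASS, ttl, len(rdata)) + rdata)
    return header + question + additional


def parse_request(packet: bytes) -> dict:
    """Decode a registration/release request built as above (fixed 68-byte layout)."""
    if len(packet) != 68:
        raise ValueError("unexpected packet length")
    trn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    if qd != 1 or ar != 1 or packet[12] != 0x20 or packet[50:52] != b"\xC0\x0C":
        raise ValueError("not a registration/release request")
    name, suffix = decode_name(packet[13:45])
    ttl = struct.unpack("!I", packet[56:60])[0]
    nb_flags, a, b, c, d = struct.unpack("!H4B", packet[62:68])
    return {"trn_id": trn_id, "opcode": (flags >> 11) & 0xF, "name": name,
            "suffix": suffix, "group": bool(nb_flags & 0x8000),
            "ont": (nb_flags >> 13) & 3, "ttl": ttl, "ip": f"{a}.{b}.{c}.{d}"}


def find_takeovers(packets):
    """Detection side: walk a capture of requests and report any name that is
    released by one address and then registered by a different one."""
    owner, hits = {}, []
    for pkt in packets:
        req = parse_request(pkt)
        key = (req["name"], req["suffix"])
        if req["opcode"] == OPCODE_RELEASE:
            owner[key] = req["ip"]
        elif req["opcode"] == OPCODE_REGISTRATION and key in owner and owner[key] != req["ip"]:
            hits.append((req["name"], req["suffix"], owner[key], req["ip"]))
    return hits


# Constructed capture: a release of CORP<1C> carrying the real DC's address
# (10.0.0.5), then a registration of the same group name from 10.0.0.99.
CAPTURE = [
    build_request(OPCODE_RELEASE, 0x1234, "CORP", SUFFIX_DOMAIN_CONTROLLERS,
                  "10.0.0.5", 0, group=True),
    build_request(OPCODE_REGISTRATION, 0x1235, "CORP", SUFFIX_DOMAIN_CONTROLLERS,
                  "10.0.0.99", 300000, group=True),
]

if __name__ == "__main__":
    for pkt in CAPTURE:
        print(parse_request(pkt))
    print(find_takeovers(CAPTURE))
```

The release packet has flags 0x3000 and the registration 0x2900, the values seen in real WINS traffic, and both are 68 bytes. The only thing tying either packet to its sender is the address field the sender chose to put in it, which is the "WINS will believe anyone" point: the check in find_takeovers, run over NBNS traffic to the WINS server, is the kind of thing an admin with a clue would use to notice the swap.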

