Vulnerability Development mailing list archives
Re: WINS attack?
From: j.hall () F5 COM (John Hall)
Date: Fri, 11 Feb 2000 14:18:09 -0800
It's as easy as renaming your NT Workstation. A couple years ago, I was Network Manager at Siemens Medical Systems - Ultrasound Group in Issaquah, WA. Our entire NT domain was hijacked by a lab tech in Denmark who decided to change the name of his NT Workstation to be the same as our PDC. Siemens has super-glued its cart firmly to Microsoft's ass and decreed that all Siemens companies world-wide would link their WINS servers. Well, guess what? There's a single namespace for ALL administratively connected WINS servers and for some reason, our local WINS server decided that the lab tech in Denmark deserved that name more than we did. We were fully down for about a day, until I convinced our NT admins to break the WINS link, then we had to go through some nasty processes to clear out our local WINS tables and caches (basically turn off every Windows box on the network at once). It was not pretty! Siemens short term plan was to force a node naming scheme which guaranteed globally unique eight character node names (also, BTW limiting each site to 499 nodes, but that was an inconsequential detail, I was told!) I'm pretty sure they never implemented this plan world-wide. This incident and the way our parent company handled it when they found we had broken the link was one of the primary reasons I decided to find a more cluefull employer. Bryce Walter wrote:
Has anybody looked at the possibility of stealing WINS registrations?
...
regards, Bryce Walter
-- John Hall <j.hall () f5 com> F5 Networks, Inc. Senior Test Engineer 206-505-0800 Never eat anything bigger than your head.
Current thread:
- WINS attack? Bryce Walter (Feb 10)
- Re: WINS attack? Seth R Arnold (Feb 10)
- Re: WINS attack? Blue Boar (Feb 10)
- Re: WINS attack? John Hall (Feb 11)
- IE Java Nicolas Rachinsky (Feb 12)
- Unreal Webserver Adam Boileau (Feb 13)
- Re: Unreal Webserver Arturo (Feb 14)
- vulnerability database Ben Valenti (Feb 16)
- Re: vulnerability database H D Moore (Feb 17)
- Re: vulnerability database Yiorgos Adamopoulos (Feb 17)
- Re: vulnerability database Iván Arce (Feb 17)
- Re: vulnerability database Dragos Ruiu (Feb 17)
- Re: vulnerability database Jay D. Dyson (Feb 17)
- Eudora incoming email affects behavior Thomas Kluegel (Feb 17)
(Thread continues...)