[14437] in bugtraq


Follow-Up: Security Problems with Linux 2.2.x IP Masquerading

daemon@ATHENA.MIT.EDU (H D Moore)
Wed Mar 29 00:53:06 2000

Message-Id:  <38E0F4F5.27B9C164@secureaustin.com>
Date:         Tue, 28 Mar 2000 12:07:49 -0600
Reply-To: H D Moore <hdm@SECUREAUSTIN.COM>
From: H D Moore <hdm@SECUREAUSTIN.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Following the "NetBIOS Info" thread on the Incidents mailing list at SF,
Robert Graham <bugtraq@NETWORKICE.COM> mentioned a utility he wrote to
automatically respond to NetBIOS port 137 name probes with a NetBIOS
name lookup back to the originating host.  He mentioned that it seems to
cut right through state-based firewalls and NAT systems because the
response probe looks like a response to the outgoing probe.  Assuming
that a host on an inside network is sending out these NetBIOS name
queries (1), an attacker could exploit the Linux 2.2.x vulnerability and
be able to query the NetBIOS names of internal machines.

-HD

1: http://www.robertgraham.com/pubs/firewall-seen.html#netbios
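
An added example, not part of the original post: a check that a filter or IDS could apply to UDP/137 datagrams arriving on a masqueraded flow, using the response bit and transaction ID in the RFC 1002 name-service header instead of the address/port tuple alone. The function names, the `pending` set and the sample datagrams are constructed for illustration.

```python
import struct

def parse_nbns_header(payload: bytes) -> dict:
    """Decode the fixed 12-byte NetBIOS name-service header (RFC 1002)."""
    if len(payload) < 12:
        raise ValueError("truncated NBNS header")
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),  # R bit: 0 = request, 1 = response
        "opcode": (flags >> 11) & 0xF,
        "qdcount": qdcount,
        "ancount": ancount,
    }

def classify_inbound(outstanding_txids: set, payload: bytes) -> str:
    """Judge a UDP/137 datagram that arrived on a flow opened by an inside host's query."""
    try:
        hdr = parse_nbns_header(payload)
    except ValueError:
        return "malformed"
    if not hdr["is_response"]:
        # A request riding the reply path: the case described in the post.
        return "query-on-reply-flow"
    if hdr["txid"] not in outstanding_txids:
        return "unsolicited-response"
    return "expected-response"

# Constructed sample datagrams (not captured traffic).
WILDCARD_NAME = b"\x20" + b"CK" + b"A" * 30 + b"\x00"          # encoded "*" name
QUESTION = WILDCARD_NAME + struct.pack("!HH", 0x0021, 0x0001)  # NBSTAT, class IN
INBOUND_QUERY = struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 0) + QUESTION
GOOD_REPLY = struct.pack("!6H", 0xBEEF, 0x8400, 0, 1, 0, 0)
STRAY_REPLY = struct.pack("!6H", 0x0001, 0x8400, 0, 1, 0, 0)

if __name__ == "__main__":
    pending = {0xBEEF}  # transaction IDs of queries the inside host has sent
    samples = [("query", INBOUND_QUERY), ("reply", GOOD_REPLY),
               ("stray", STRAY_REPLY), ("short", b"\x00" * 4)]
    for label, pkt in samples:
        print(label, "->", classify_inbound(pending, pkt))
```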
