[3401] in bugtraq
Re: NT security et al (Dangers of NetBIOS/NBT?)
daemon@ATHENA.MIT.EDU (Nick and Debbie Leask)
Thu Sep 26 20:28:40 1996
Date: Thu, 26 Sep 1996 19:44:07 +1000
Reply-To: Nick and Debbie Leask <nal@spirit.com.au>
From: Nick and Debbie Leask <nal@spirit.com.au>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
I've read fairly similar sentiments about having NetBIOS or NBT floating =
around on our internet/firewall subnets, but I've not heard anyone =
discussing exactly what the dangers of this are. There are obvious =
'pain's in the butt' when this is happening (such as lots of unnecessary =
deny messages logged against firewall bastion or router logs), but =
that's about all... Can some one expand in detail what the known or =
perceived dangers of NetBIOS or NBT are?
What I have done so far (due to this fear of NetBIOS/NBT) is disable all =
NetBIOS/NBT portions of NT, unbind them from the NIC and delete the =
related .EXE's and .DLL's. This solves the problem period. The only =
downside is that you can't have servers in this state participating in a =
domain, but that just offers further possible dangers anyway...
Any insight into this would be much appreciated.
Cheers
Nick Leask
----------
From: *Hobbit*[SMTP:hobbit@avian.org]
Sent: Thursday, September 26, 1996 3:07 AM
To: Multiple recipients of list BUGTRAQ
Subject: NT security et al
I've been screwing around some with netbios in general, and being more =
or
less horrified [but not surprised, this is microsnot after all]. I've
learned that one hack you can do in the absence of any other overall
defenses is to use a non-null SCOPE ID. They don't recommend it but =
that's
probably just because of the potential administrative headaches in =
manually
changing the scope on every machine in a facility.
The scope ID would be sort of a "global password" to your netbios =
service,
sort of the same way as YP domains, so it needs to be nonobvious and =
kept
within your walls. Better than nothing, though... Unfortunately the =
right
place to set it seems to be buried under obscure and ill-named menu =
items
that vary from platform, so you'll have to hunt around.
_H*
