[15071] in bugtraq
Re: [COVERT-2000-05] Microsoft Windows Computer Browser Reset
daemon@ATHENA.MIT.EDU (Vladimir Dubrovin)
Fri May 26 14:57:18 2000
Message-Id: <10875.000526@sandy.ru>
Date: Fri, 26 May 2000 21:00:52 +0400
Reply-To: Vladimir Dubrovin <vlad@sandy.ru>
From: Vladimir Dubrovin <vlad@SANDY.RU>
X-To: COVERT Labs <seclabs@nai.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <000001bfc6b8$fb0dc910$bb3945a1@jmagdych.na.nai.com>

Hello COVERT Labs,

The Browser protocol is insecure by design. As an example, an evil host can
send an election packet with high election criteria to become a Master
Browser and distribute an empty (or spoofed) browsing list. It's also
possible to feed a spoofed list to the Domain's Master.

In case the evil host is in another physical network - sending a spoofed
election packet once in 10 seconds will make an effective DoS against
the browser service.

There are a lot of ways to use the browser as a traffic amplifier - such
as sending spoofed browser list requests to the domain's master, sending
spoofed master browser's requests to promote all potential browsers to
backup browsers, etc.

The best and only way to protect your network in these cases is packet
filtering.

C> The Microsoft Windows implementation of the Browser Protocol contains
C> an undocumented feature that provides for the remote shutdown of the
C> Computer Browser Service on a single computer or multiple computers.
/3APA3A
http://www.security.nnov.ru
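
Added example, not part of the original post: a detection sketch for the election abuse described above, flagging election frames that arrive from outside the local subnet or repeat at a steady rate from one source. The `(timestamp, source, opcode)` record format, the thresholds and all addresses are assumptions; 0x08 is the RequestElection opcode from the MS-BRWS specification.

```python
import ipaddress
from collections import defaultdict, deque

REQUEST_ELECTION = 0x08  # MS-BRWS RequestElection opcode


def suspicious_elections(events, local_net, window=60.0, max_in_window=4):
    """Flag sources of abnormal election frames.

    events: time-ordered (timestamp_seconds, src_ip, opcode) tuples, assumed
    to be already decoded from browser datagrams by a sensor.
    Returns {src_ip: set of reasons}. Thresholds are assumptions to tune.
    """
    net = ipaddress.ip_network(local_net)
    recent = defaultdict(deque)   # per-source election timestamps in window
    findings = defaultdict(set)
    for ts, src, opcode in events:
        if opcode != REQUEST_ELECTION:
            continue
        # Elections are a local-subnet matter; a routed source is anomalous.
        if ipaddress.ip_address(src) not in net:
            findings[src].add("off-subnet")
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        # One frame every 10 seconds keeps an election permanently open.
        if len(q) > max_in_window:
            findings[src].add("repeated")
    return dict(findings)


# Constructed sample traffic (all addresses are made up for illustration).
SAMPLE = (
    [(0.0, "192.168.1.10", 0x01),    # host announcement, ignored
     (5.0, "192.168.1.20", 0x08)]    # a single ordinary election frame
    + [(100.0 + 10 * i, "10.9.9.9", 0x08) for i in range(8)]      # routed, periodic
    + [(200.0 + 10 * i, "192.168.1.66", 0x08) for i in range(5)]  # local, periodic
)

if __name__ == "__main__":
    for src, reasons in suspicious_elections(SAMPLE, "192.168.1.0/24").items():
        print(src, sorted(reasons))
```
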