Re: NT security et al (Dangers of NetBIOS/NBT?)
From: coxa () cableol net (Alan Cox)
Date: Fri, 27 Sep 1996 09:17:34 +0100
I've read fairly similar sentiments about having NetBIOS or NBT floating
around on our internet/firewall subnets, but I've not heard anyone
discussing exactly what the dangers of this are. There are obvious
'pains in the butt' when this is happening (such as lots of unnecessary
deny messages logged against firewall bastion or router logs), but
that's about all... Can someone expand in detail what the known or
perceived dangers of NetBIOS or NBT are?
o Windows 3.11 has share bugs Microsoft will never apparently fix,
  whereby any share allows the whole disk to be accessed by using
  a ../../.. type construct and the smbfs client code.
o Early Windows 95 seems to have the same bug. In both cases this
  can be a disaster as the Windows .PWL files up until the latest
  Win95 patches are trivially crackable
o Windows NT apparently has a bug whereby users can erase the entire NT
  server disk in the default NT configuration
o There is no encryption of data, so all the usual spoofing attacks work
o There are ways to trip the clients into doing plain text password
  authentications (Yum yum ;))
o There is no failed authentication logging on Windows, so a dictionary
  attack can run all week and there won't be so much as a blip in the
All of these are exploitable over TCP/IP as well. Very handy for breaking into
Windows 95 machines on a remote network and adding a binary and changing
Whether you block outgoing NetBIOS sessions is an open question; blocking
incoming ones is a foregone conclusion.
Novell NetWare is only slightly more secure; you do get some protection
if that is suitably set up, but users can bring down Novell 3 servers by
sending a suitable packet, and can really mess around by broadcasting fake
license messages. Since Novell has directed broadcast, that can be done
across IPX backbones.
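
The first item in the list above describes a share that lets a ../../.. path reach the rest of the disk. The sketch below is an added example, not part of the original post and not code from any SMB server: it shows the server-side containment check whose absence produces that bug. The share root, the request strings and the names resolve_in_share, ShareEscape and audit are hypothetical and constructed for illustration.

```python
import ntpath

class ShareEscape(ValueError):
    """Client path would resolve outside the exported share."""

def resolve_in_share(share_root, client_path):
    """Map an SMB-style client path onto share_root, refusing any escape."""
    kept = []
    # Treat '/' and '\' alike so mixed-separator paths take the same route.
    for part in client_path.replace("/", "\\").split("\\"):
        if part in ("", "."):
            continue                      # empty or current-dir component
        if ":" in part:
            raise ShareEscape("drive or stream specifier: %r" % part)
        if part == "..":
            if not kept:                  # would climb above the share root
                raise ShareEscape("path climbs above share root")
            kept.pop()
        else:
            kept.append(part)
    return ntpath.join(share_root, *kept)

# Constructed sample data: hypothetical share root and client requests.
SHARE_ROOT = r"C:\SHARES\PUBLIC"
REQUESTS = [
    r"docs\readme.txt",               # ordinary file inside the share
    r"docs\..\notes.txt",             # '..' that stays inside the share
    r"..\..\..\WINDOWS\USER.PWL",     # the ../../.. construct from the post
    r"docs/../../WINDOWS/USER.PWL",   # same idea with forward slashes
    r"C:\WINDOWS\USER.PWL",           # absolute path with a drive letter
]

def audit(requests, share_root=SHARE_ROOT):
    """Return (request, resolved path or None if refused) for each request."""
    results = []
    for req in requests:
        try:
            results.append((req, resolve_in_share(share_root, req)))
        except ShareEscape:
            results.append((req, None))
    return results

if __name__ == "__main__":
    for req, resolved in audit(REQUESTS):
        print("%-32s -> %s" % (req, resolved or "REFUSED"))
```

The check is purely lexical; a real file server also has to account for filesystem aliases such as links and short names before opening the resolved path.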