Home page logo

bugtraq logo Bugtraq mailing list archives

Follow-Up: Security Problems with Linux 2.2.x IP Masquerading
From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Tue, 28 Mar 2000 12:07:49 -0600

Following the "NetBIOS Info" thread on Incidents mailing list at SF,
Robert Graham <bugtraq () NETWORKICE COM> mentioned a utility he wrote to
automatically respond to netbios port 137 name probes with a netbios
name lookup back to the originating host.  He mentioned that it seems to
cut right through state-based firewalls and NAT systems because the
response probe looks like a response to the outgoing probe.  Assuming
that a host on an inside network is sending out these netbios name
queries (1), an attacker could exploit the linux 2.2.x vulnerability and
be able to query the netbios names of internal machines.


1: http://www.robertgraham.com/pubs/firewall-seen.html#netbios

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]