Features
-
License:
Free
-
Editor's Rating:
Not rated
- Average User Rating:
-
Downloads:
19,951
- Operating Systems:
Windows 2000
- Additional Requirements:
No additional requirements
- Limitations:
No limitations
- Date Added:
July 31, 2000
Publisher's description of Windows 2000 NetBIOS Name Server Protocol Spoofing Vulnerability Patch
From Microsoft:The NetBIOS Name Server (NBNS) protocol, part of the NetBIOS over TCP/IP (NBT) family of protocols, is implemented in Windows systems as the Windows Internet Name Service (WINS). By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. A malicious user could misuse the Name Conflict and Name Release mechanisms to cause another machine to conclude that its name was in conflict. Depending on the scenario, the machine would as a result either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same the machine would not respond requests sent to the conflicted name anymore.
If normal security practices have been followed, and port 137 UDP has been blocked at the firewall, external attacks would not be possible. A patch is available that changes the behavior of Windows systems in order to give administrators additional flexibility in managing their networks. The patch allows administrators to configure a machine to only accept a name conflict datagram in direct response to a name registration attempt, and to configure machines to reject all name release datagrams. This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139.
Microsoft created this patch to eliminate this security vulnerability.
- See more CNET content tagged:
- Microsoft Windows 2000,
- NetBIOS,
- patch,
- protocol,
- security
More popular Encryption Software downloads
- 58,873 downloads 1. RoboForm
- 10,761 downloads 2. SuperEncryptor
- 5,756 downloads 3. Folder Lock
- 2,546 downloads 4. Eraser
- 2,154 downloads 5. RAR Password Cracker
- See all Encryption Software downloads
User reviews
- Average user rating: 0 stars Not yet available
- My rating: 0 stars Write review
-
Showing 2 of 2 user reviewsSee all 2 user reviews
This software version | All versions -
Version: Windows 2000 NetBIOS Name Server Protocol Spoofing Vulnerability Patch
"I too run this and it keeps coming up in catchup"
-
Version: Windows 2000 NetBIOS Name Server Protocol Spoofing Vulnerability Patch
Summary: First of all, this should not have been possible. But this is not a good solution. The network should be safe from the OS to start with, and a firewall should only be an extra guard, not a basic necessity.
- See all 2 user reviews Write review
Submit your review
You must be 13 years of age or older to submit personal information to CNET Networks. In compliance with the Children's Online Privacy Protection Act of 1998, CNET Networks does not accept name and e-mail address information from users who are under 13 years of age.
All submitted ratings and written comments become the sole property of CNET Networks, Inc. (CNET) and may be used at CNET Networks' sole discretion. Ratings and written comments are generally posted within two to four business days in batch groups, not in real time. However, CNET Networks reserves the right to remove or refuse to post any submission for any reason. You acknowledge that you, not CNET Networks, are responsible for the contents of your submission.
CNET Networks is not responsible for the content of the publisher's descriptions or user reviews on this site. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. CNET Download.com does not sell, resell, or license any of the products listed on the site. We cannot be held liable for issues that arise from the download or use of these products.
