***wasn't sure where this should be posted***


although this alert is nearly two years old rarely if ever is it mention. so for the sake of it::

http://www.pgp.com/research/covert/advisories/045.asp

Windows NetBIOS Unsolicited Cache Corruption

Network Associates, Inc.
COVERT Labs Security Advisory
August 29, 2000

* Synopsis

The Microsoft Windows implementation of the NetBIOS cache allows a remote attacker to insert and flush dynamic cache entries as well as overwrite static entries through unsolicited unicast or broadcast UDP datagrams. As a result, remote attackers either on the local subnet or across the Internet may subvert the NetBIOS Name to IP address resolution process by redirecting any NetBIOS Name to any arbitrary IP address under the control of the attacker.

Note: According to Microsoft, there will not be a patch released for this vulnerability. The resolution section of this advisory lists several options for end users to minimize its impact.

RISK FACTOR: HIGH


* Vulnerable Systems

All versions of Microsoft Windows 95, 98, NT and 2000 are susceptible to cache corruption

Hi snowman! I have a question. What if you have programs which regularly delete the cache? Would that help? (I'll check around too.)

Also, Steve Gibson has a technique for fixing your Network Connections so they are not all connected. I recall that NetBios disconnections were featured? Maybe we can check on this. I applied the technique but it was a long time ago.

I have always blocked 135-139 and 445, UDP and TCP with my firewall. I also have NetBios over TCP uninstalled on my machine with no ill effects and I have a lan with AnalogX Proxy for ICS.
You just need to be careful in uninstalling NetBios or you will lose your ability to surf. Gibson has directions and there are other sites too.
I am not familiar with the "NetBios Cache", but I don't think its going to bother me.
Never hurts to post old stuff that still is perfectly relevant, Snowy. A lot of good info gets lost in time, much to my dismay. My memory fails me more each day. :(

Root

Whats a memory...I forgot ?

as you no doubt noticed M$ never\wont issue a patch....so ole news remains new news in this case.
my health is still very far from good...some improvements yes...but not venturing far these days.....but as soon as possible I want to check into Linux as a dull boot.....there is a season for all things....Windows had its time....it even served a purpose.....an now tis the season for change
eventually M$ will turn Windows into one larger broswer...one big spy-eye..........no thanks.

snowman