NetBIOS Name Server Protocol Spoofing

Reported July 27, 2000 by PGP Security and Sir Dystic of cDc

  • Microsoft Windows NT 4.0 Workstation
  • Microsoft Windows NT 4.0 Server
  • Microsoft Windows NT 4.0 Server, Enterprise Edition
  • Microsoft Windows NT 4.0 Server, Terminal Server Edition
  • Microsoft Windows 2000


By sending a specifically designed NetBIOS packet to
susceptible Windows machines, those machine can be made to relinquish their names or fail to successfully register their names on the network. Such an attack would render the machine unavailable to users that attempt access via the machine's NetBIOS name.


Microsoft issued a FAQ, a Support Online article Q269239, and a patch for Windows 2000 to correct the problem. According to Microsoft's bulletin, patches will be available "shortly" for NT 4.0 series operating system, although no explanation for the delay was given.

User are urged to filter NetBIOS traffic (TCP 137, 138 and UDP 139) in order to prevent disruptions

Discovered by PGP Security and Sir Dystic of cDc

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.