 From:  Quark Group - Hilton Travis <Hilton at quarkgroup dot com dot au>
 To:  Richard Parvass <richard dot parvass at aaland dot co dot uk>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Howto workaround new NetBIOS vuln.
 Date:  Wed, 30 Dec 2009 05:55:54 +1000
G'day Richard,

Totally - configuring *your* DHCP Server to disable NetBIOS won't do diddly squat to protect a
laptop in a public area or hotel and the Microsoft article referred to doesn't take that into
consideration at all.  Also, hoping the AP in the Hotel you're staying in - unless it is one in
which you maintain the Wi-Fi setup - has client isolation enabled is like hoping the drunk girl you
slept with at that party the other night that you can almost remember some of didn't have an STI -
it isn't a good nor reliable way of staying safe.  :)

Disabling "Automatically detect settings" on any laptops you support will ensure this NetBIOS attack
won't work on them, however it then relies on the Hotel knowing what the settings are for any
proxies - which REALLY should be transparent proxies if the truth be told!  :)




Hilton Travis                       Phone: +61 (0)7 3105 9101
(Brisbane, Australia)               Phone: +61 (0)419 792 394
Manager, Quark IT                   http://www.quarkit.com.au
         Quark Group                http://www.quarkgroup.com.au

War doesn't determine who is right.  War determines who is left.

-----Original Message-----
From: Richard Parvass [mailto:richard dot parvass at aaland dot co dot uk]
Sent: Tuesday, 29 December 2009 11:48 PM
To: m0n0wall at lists dot m0n0 dot ch
Cc: Lee Sharp
Subject: RE: [m0n0wall] Howto workaround new NetBIOS vuln.


You cannot necessarily rely on disabling NetBIOS via DHCP, as a client
machine may have the option set to always enable NetBIOS on its WINS
settings tab, thus defeating the DHCP option and leaving it vulnerable.

Assuming a wireless infrastructure in the hotel as is the norm,
configure the APs for client isolation so that no client can communicate
with another. This will mitigate the problem.



Quark Group Pty Ltd :: ABN 23 114 975 772
Trading As Quark AudioVisual, Quark Automation, Quark IT
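
A read-only check for the two client-side settings discussed in this thread, added here as an example and not part of either message: the per-adapter NetBIOS over TCP/IP setting (including the "always enable" override that defeats the DHCP option) and the "Automatically detect settings" flag. The function names are hypothetical, and the byte offset used for the auto-detect flag is an assumption based on the commonly observed layout of the `DefaultConnectionSettings` value; the example needs PowerShell 3.0 or later.

```powershell
# Added example (not from the original thread). Run on the laptop being audited.

function Get-NetbiosAdapterState {
    # Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions:
    #   0 = use the setting supplied by DHCP, 1 = always enabled, 2 = disabled
    $meaning = @{
        0 = 'Default: follows the DHCP option'
        1 = 'Enabled: overrides the DHCP option'
        2 = 'Disabled'
    }
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $opt = [int]$_.TcpipNetbiosOptions
            [pscustomobject]@{
                Adapter     = $_.Description
                DhcpEnabled = $_.DHCPEnabled
                Option      = $opt
                Meaning     = $meaning[$opt]
                # Only an explicit "Disabled" holds on a network whose DHCP
                # server the laptop owner does not control (hotel, public Wi-Fi).
                NeedsReview = ($opt -ne 2)
            }
        }
}

function Test-AutoDetectSettings {
    # Assumption: byte 8 of DefaultConnectionSettings is a flag field and
    # bit 0x08 corresponds to "Automatically detect settings" for the current user.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
    $item = Get-ItemProperty -Path $key -Name DefaultConnectionSettings -ErrorAction SilentlyContinue
    if (-not $item) { return $null }            # value absent: state unknown
    $blob = $item.DefaultConnectionSettings
    if ($blob.Length -lt 9) { return $null }    # unexpected layout: state unknown
    return [bool]($blob[8] -band 0x08)
}

Get-NetbiosAdapterState | Format-Table -AutoSize -Wrap

$auto = Test-AutoDetectSettings
if ($null -eq $auto) {
    'Automatically detect settings: could not be determined for this user'
} else {
    "Automatically detect settings enabled: $auto"
}
```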