` Date: Fri, 4 Jun 1999 14:01:01 -0700
Reply-To: Carl Byington <[email protected]>
Sender: Windows NT BugTraq Mailing List <[email protected]>
From: Carl Byington <[email protected]>
Subject: denial of service attack against NT PDC from Win95 workstation
-----BEGIN PGP SIGNED MESSAGE-----
I searched the archives, but did not find this one discussed.

We have an NT PDC and a bunch of Win95 workstations. The NT domain name is
AAA and the PDC NetBIOS machine name is BBB. Normally, the Win95
workstations are configured to log on to the NT domain, and with the
identification tab set to workgroup=AAA. This works nicely.

However, we misconfigured a Win95 box with workgroup=BBB. No symptoms were
evident until the server was rebooted after a power failure (properly
handled by an APC UPS). We then got the 'BBB is not a valid computer name'
which caused the workstation service to fail to start, and that in turn
prevented a bunch of other stuff from starting. The event log entry pointed
to the IP address of the PDC as being responsible for trying to add the
conflicting name BBB.

We could manually start the affected services, starting with the
workstation service. At that point, things seemed to be more or less
normal, but User Manager for Domains had problems opening the user list.

These symptoms seemed to be similar to those listed in MS article Q166184,
but we don't have RAS installed on that machine, and we don't have any
static WINS entries. However, we did not scroll through the full list of
workstations in the WINS database, or we would have seen the Win95
workstation that had registered the name BBB.

At this point, we deleted the entire WINS database and rebooted the server.
Things worked normally until that workstation again registered its name as
BBB, but this time the event log pointed to the workstation IP so we could
finally track it down.

The server is running NT4, SP3.
-----BEGIN PGP SIGNATURE-----
Version: 4.5
-----END PGP SIGNATURE-----
PGP key available from the key servers.
Key fingerprint 95 F4 D3 94 66 BA 92 4E 06 1E 95 F8 74 A8 2F A0
http://www.five-ten-sg.com
`
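An added example, not part of the original post: a check for the condition the message describes, where one NetBIOS name is claimed as a workgroup (group name) by one host and as a computer name (unique name) by another. The record layout, host names other than AAA and BBB, and all addresses are constructed for illustration and are not the export format of any WINS tool.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample records: name, one-byte suffix (hex), registration type, owner.
# Suffix 00 is used both for a computer name (unique) and a workgroup/domain (group).
SAMPLE = """\
name,suffix,type,ip
AAA,00,GROUP,10.0.0.5
AAA,00,GROUP,10.0.0.21
BBB,00,GROUP,10.0.0.37
BBB,00,UNIQUE,10.0.0.5
BBB,20,UNIQUE,10.0.0.5
WS21,00,UNIQUE,10.0.0.21
WS37,00,UNIQUE,10.0.0.37
"""

def load_records(text):
    """Parse records, upper-casing names because NetBIOS names are compared that way."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        kind = row["type"].strip().upper()
        if kind in ("UNIQUE", "GROUP"):  # ignore anything else in this sketch
            rows.append((row["name"].strip().upper(),
                         row["suffix"].strip().upper(), kind, row["ip"].strip()))
    return rows

def find_conflicts(records):
    """Flag a (name, suffix) claimed as both unique and group, or as a
    unique name by more than one address."""
    claims = defaultdict(lambda: {"UNIQUE": set(), "GROUP": set()})
    for name, suffix, kind, ip in records:
        claims[(name, suffix)][kind].add(ip)
    conflicts = []
    for (name, suffix), owners in sorted(claims.items()):
        unique, group = sorted(owners["UNIQUE"]), sorted(owners["GROUP"])
        if unique and group:
            conflicts.append((name, suffix, "unique-vs-group", unique, group))
        elif len(unique) > 1:
            conflicts.append((name, suffix, "duplicate-unique", unique, []))
    return conflicts

if __name__ == "__main__":
    for name, suffix, kind, unique, group in find_conflicts(load_records(SAMPLE)):
        print(f"{name}<{suffix}> {kind}: unique owners {unique}, group owners {group}")
```

Run periodically against the name database, this surfaces the misconfigured workstation's address before the next server reboot rather than after it.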