Information Security News

    April 20, 2001

Exploit devastates WinNT/2K security - The Register reports "An application called SMBRelay, written by cDc's Sir Dystic, exploits a design flaw in the SMB (Server Message Block) protocol on Win NT/2K boxes, easily enabling an attacker to interpose himself between the client and the server.

The program enables access to the server using the client's authentication by acting as a 'man in the middle' to both. For this reason it's quite difficult to defend against, unless a user blocks port 139 -- which is needed for NetBIOS sessions and therefore not practical for networked boxes -- or by using NTLMv2 which employs 128bit encrypted keys and eliminates LANMAN (NT LAN Manager, or NTLM) hashes for NT clients. "

    Older Information Security News

Copyright © 1998 - 2004 RHP Studios
All Rights Reserved!
Report errors to
Last Updated on July 24,2004 @ 11:45 hrs EST