Secant Computing Systems, Incorporated
Microsoft Windows NT Port 139 Fix - Saturday, May 10, 1997
The Kegs Approach
_________________________________________________________________
Binding Configuration The following steps apply to version 4.0.
1. Go into Control Panel -> Network -> Bindings Tab
2. Drop down the list for "Show Bindings for:" and select "all
adapters"
3. Find the WAN Wrapper that says "Remote Access WAN Wrapper"
4. Expand it so you see WINS Client(TCP/IP)
5. Select the WINS Client(TCP/IP) and click the DISABLE button
6. Reboot System
Note: When you log into NT4, you will get a message window that says
certain services or drivers didn't start. This is ok and will happen
each time you reboot, but shouldn't happen if you log into another
account.
Background Information - Courtesy of bugtraq@netspace.org
It is possible to remotely cause denial of service to any Windows 95
or Windows NT user. It is done by sending OOB (Out Of Band) data to an
established connection with a Windows user. NetBIOS [139] seems to be
the most effective since this is a part of Windows. Apparently Windows
doesn't know how to handle OOB, so it panics and crazy things happen.
Reports have been heard of everything from Windows dropping carrier to
the entire screen turning white. Windows also sometimes has trouble
handling anything on a network at all after an attack like this. A
reboot fixes whatever damage this causes.
Solution courtesy of Keith Gamard and the #Windows ops on EFnet.
Web page by Brett A. Erkman
This page may not be reproduced in any means without express written
consent from the authors.