NetBIOS and LLMNR is being actively exploited in the wild

NetBIOS and LLMNR is being actively exploited in the wild

Net what? and LL-what?

These are old protocols, although LLMNR is newer, that allow for a non-Active Directory Domain (if you have a real server you have this) to communicate by name. This is really great, until you learn that these protocols were created without and security checking. What happens is that any computer looking for another computer or “server” on the network will simply “ask the network” for where a computer is – the problem comes from the fact that ANYONE can reply saying they are someone else and this can still happen with Active Directory (a real server). A active exploit in the wild is exploiting this, and without you doing anything, it can steal your usernames, passwords, and more. Whats worse, is that there is no way you would even know this occurred or is still occurring!

We have put in place blocks to prevent this sort of attack and these will be rolling out to all MSP customers over the next few days. If you have any issues, don’t hesitate to contact the help desk!