From proff  Thu Sep 26 19:25:10 1996
Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id TAA23899 for best-of-security; Thu, 26 Sep 1996 19:25:10 +1000
Received: (sendmail@localhost) by suburbia.net (8.7.4/Proff-950810) id QAA08434; Thu, 26 Sep 1996 16:38:33 +1000
Received: from UNKNOWN(128.148.157.143), claiming to be "brimstone.netspace.org"
 via SMTP by suburbia.net, id smtpd17207aaa; Wed Sep 25 21:22:14 1996
Received: from netspace.org ([128.148.157.6]) by brimstone.netspace.org with ESMTP id <22770-32761>; Wed, 25 Sep 1996 17:20:51 -0500
Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id RAA22780; Wed, 25 Sep 1996 17:14:21 -0400
Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8b) with
          spool id 534350 for BUGTRAQ@NETSPACE.ORG; Wed, 25 Sep 1996 16:39:21
          -0400
Received: from netspace.org (netspace [128.148.157.6]) by netspace.org
          (8.7/8.6.12) with SMTP id QAA19368 for <BUGTRAQ@NETSPACE.ORG>; Wed,
          25 Sep 1996 16:39:14 -0400
Approved-By: ALEPH1@UNDERGROUND.ORG
Received: from narq.avian.org (wet-string.avian.org [199.103.168.126]) by
          netspace.org (8.7/8.6.12) with SMTP id OAA27354 for
          <bugtraq@NETSPACE.ORG>; Wed, 25 Sep 1996 14:02:20 -0400
Received: from work.avian.org (work.avian.org [10.1.1.3]) by narq.avian.org
          (8.6.12/_H*) with ESMTP id NAA11770 for <bugtraq@netspace.org>; Wed,
          25 Sep 1996 13:02:07 -0400
Received: (from hobbit@localhost) by work.avian.org (8.6.12/_H*) id NAA05221
          for bugtraq@netspace.org; Wed, 25 Sep 1996 13:06:57 -0400
Approved-By:  *Hobbit* <hobbit@AVIAN.ORG>
Message-ID: <199609251706.NAA05221@work.avian.org>
Date: 	Wed, 25 Sep 1996 13:06:57 -0400
Reply-To: *Hobbit* <hobbit@avian.org>
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: *Hobbit* <hobbit@avian.org>
Subject:      NT security et al
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Approved: proff@suburbia.net

I've been screwing around some with netbios in general, and being more or
less horrified [but not surprised, this is microsnot after all].  I've
learned that one hack you can do in the absence of any other overall
defenses is to use a non-null SCOPE ID.  They don't recommend it but that's
probably just because of the potential administrative headaches in manually
changing the scope on every machine in a facility.

The scope ID would be sort of a "global password" to your netbios service,
sort of the same way as YP domains, so it needs to be nonobvious and kept
within your walls.  Better than nothing, though...  Unfortunately the right
place to set it seems to be buried under obscure and ill-named menu items
that vary from platform, so you'll have to hunt around.

_H*