Navigate

Check: 3.101

Windows 2003 DC STIG: 3.101 (in version v6 r40)

Title

The system is configured to allow name-release attacks. (Cat III impact)

Discussion

Prevents a denial-of-service (DoS) attack against a WINS server. The DoS consists of sending a NetBIOS Name Release Request to the server for each entry in the servers cache, causing a response delay in the normal operation of the servers WINS resolution capability.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers” to “Enabled”.

Additional Identifiers

Rule ID: SV-29368r1_rule

Vulnerability ID: V-4116

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-002385	Protect against or limit the effects of organization-defined types of denial-of-service events.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SC-5	Denial of Service Protection