[原文]The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
NT Workstations and Servers must have unique hostnames if they reside on the same network. Should an NT host attempt to use an existing hostname, the second server (with the new duplicate name) will fail to start its workstation and server services. (Once the name has been changed to a unique value and has been rebooted, the host will operate normally).
Should an NT host claim the hostname of a "victim" NT host while that host is turned off, the "victim" host will be subject to a Denial of Service-like attack because the workstation and server services will fail to start. NT hosts are usually prevented from taking duplicate names within one domain they must register their existence with an NT Domain Controller when initially joining the domain. (This registration process must be performed by someone with administrator privileges.)
A situation has been noted wherein a Win95 host may register the victim hostname (with a WINS server) by setting the Win95 workgroup name equal to the victim's hostname. The next time the victim host is rebooted, it will fail to start the workstation and server services as the WINS server will report that the hostname is claimed by the Win95 host.
Set the Win95 workgroup name equal to the hostname for the victim NT host. If the WINS server registers this hostname, and the victim NT host is rebooted, it will fail to start its workstation and server services.