Packetstan: NBNS Spoofing on your way to World Domination

Since the look up is just a hostname, windows adds the local DNS suffix to the query and asks its DNS server(s). The suffix picked up my the Windows box usually comes from the DHCP server. As you can see, the DNS server replied that it had no idea on how to lookup that name. Next, you’ll see the NBNS Request. The beautiful thing is, the NBNS Request is a broadcast, so anyone can reply easily and redirect traffic.

via Packetstan: NBNS Spoofing on your way to World Domination.


NBNS serves much the same purpose as DNS does: translate human-readable names to IP addresses e.g. to As NetBIOS can run on top of several different network protocols e.g. IP, IPX, …, other implementations of the NetBIOS services have their own mechanisms for translating NetBIOS names to addresses. NBNS’s services are more limited, in that NetBIOS names exist in a flat name space, rather than DNS’s hierarchical one multiple flat name spaces can exist, by using NetBIOS scopes, but those are rarely used, and NBNS can only supply IPv4 addresses; NBNS doesn’t support IPv6.

via NetBIOS/NBNS – The Wireshark Wiki.