Windows 2003 SP1 modifies File Server behavior to prevent “reflection” attacks (by Dave Krantz)
Microsoft has modified the use of SMB server Alias names to improve server protection from “reflection” attacks. Effective with Windows 2003 SP1, the use of server Alias names on the same server where they are defined has been disabled by default. For more information about this change, refer to Microsoft Knowledge Base article Q281308 and Microsoft article 896861.
Access to SMB shared files on a file server is usually initiated from other client computers on the network, and access to file shares over the network using a server Alias name is still supported. However, use of a server Alias name on the local server where it is defined has been disabled by SP1 and attempts to use it locally will generate the following error messages:
System error 52 has occurred.
A duplicate name exists on the network.
If local access to shares on the same server (using an SMB Alias name) is needed, and if the server is not vulnerable to a reflection attack, the original behavior can be restored. A new DWORD registry value “DisableLoopbackCheck” is required (=1) at the following registry key location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
DWORD Value Name = DisableLoopbackCheck
Value Setting = 1
Comments