[MEDIUM] Undocumented Windows host at 10.1.11.254 with NetBIOS exposure #38

Open
opened 2026-05-06 10:46:25 -05:00 by pjennings · 0 comments
Owner

Description

Host 10.1.11.254 (MAC: BC:24:11:48:A7:54) appears to be a Windows system running Microsoft HTTPAPI and exposing NetBIOS name service. It is undocumented.

Finding Details

  • Host: 10.1.11.254 (unknown hostname)
  • OS: Likely Windows Server 2016 or Windows 10 (nmap fingerprint, 92% confidence)
  • Discovered by: Rootful nmap SYN+UDP scan, 2026-05-06

Open Ports

Port      Proto  Service
5357/tcp  TCP    Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
137/udp   UDP    NetBIOS name resolution

Risk

  • NetBIOS-NS (137/udp) is susceptible to name poisoning attacks (Responder, ntlmrelayx)
  • Microsoft HTTPAPI can leak device information via SSDP/UPnP
  • Unknown purpose, ownership, and patch status

Recommendations

  1. Identify the host (printer? NAS? IoT? Windows VM?)
  2. Document in inventory
  3. Disable NetBIOS if not needed
  4. Disable SSDP/UPnP if not needed
  5. Ensure Windows is patched
  6. Add firewall rules

References

  • Related: docs/network-scan-2026-05-06.md (Finding F-03)
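
One way to carry out recommendations 3, 4 and 6 if the host proves to be a Windows machine, as an added example that is not part of the original issue. It assumes an elevated PowerShell session on the host, that nothing on it depends on NetBIOS or network discovery, and that the 5357/tcp listener belongs to the Windows discovery services; the firewall rule names are made up for illustration.

```powershell
# Added example, not from the issue author. Run elevated on the host itself.

# Recommendation 3: disable NetBIOS over TCP/IP on every IP-enabled adapter.
# TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $result = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                                   -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
        # ReturnValue 0 = applied, 1 = applied but a reboot is required.
        [pscustomobject]@{ Adapter = $_.Description; ReturnValue = $result.ReturnValue }
    }

# Recommendation 4: stop and disable the discovery services (SSDP, UPnP host,
# Function Discovery). Assumption: these are what keep 5357/tcp open here.
foreach ($name in 'SSDPSRV', 'upnphost', 'FDResPub', 'fdPHost') {
    if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) { continue }
    Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $name -StartupType Disabled
}

# Recommendation 6: block both ports inbound so a re-enabled service stays unreachable.
$rules = @(
    @{ Name = 'Issue 38 - block NetBIOS-NS inbound';   Protocol = 'UDP'; Port = 137  },
    @{ Name = 'Issue 38 - block HTTPAPI 5357 inbound'; Protocol = 'TCP'; Port = 5357 }
)
foreach ($rule in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $rule.Name -ErrorAction SilentlyContinue) { continue }
    New-NetFirewallRule -DisplayName $rule.Name -Direction Inbound -Action Block `
                        -Protocol $rule.Protocol -LocalPort $rule.Port -Profile Any | Out-Null
}

# Check the result: adapters should report 2, and neither query should return a listener.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions
Get-NetTCPConnection -LocalPort 5357 -State Listen -ErrorAction SilentlyContinue
Get-NetUDPEndpoint   -LocalPort 137 -ErrorAction SilentlyContinue
```

Repeating the scan against 10.1.11.254 from another machine afterwards confirms whether 137/udp and 5357/tcp are still reachable.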