Spoofing a Netbios name to a windows client....

Posted on 2011-04-21
Last Modified: 2012-05-11
I am in the midst of a data center move.  I have been asked by my customer to put together a proof of concept for an application - which uses UNC names to denote destinations for writing its files.

In effect, there is a client PC (lets say its a Windows 2003 server) who, through its application, writes files to \\destination\share

Now, I want to test this proof of concept without affecting the production destination.  So, I want to "spoof" the destination to a 3rd location thats nearby, lets say \\newdest\share.  However, I want to use the original server name {destination}.

I have over-written the HOSTS file on the client, and when I ping "destination" I see the IP address for "newdest".  Wonderful.

The issue comes when I try to connect to \\destination\share in Windows explorer - or if I try a "net use \\destination\ipc$" in the client command line.

In windows explorer, I get a message stating

"\\{destination\share} is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.

You were not connected because a duplicate name exists on the network.  Go to System in Control Panel to change the computer name and try again".

Undaunted, I fire up my trusty mac.  I quickly add a hosts entry for "destination" - and when I use the Mac finder, I can instantly connect to "smb:\\destination\share" and I see the "newdest\share" files !  Wonderful.

So, I think it has something to do with WINS or Netbios.  So, back on my client PC, I change the IP address advanced configuration, remove all WINS addresses, disable "LMHOSTS lookup" and "Disable NetBIOS over TCP/IP" and reboot (hey, why not).  I still get the same issue.

So, I'm trying to map to "\\destination\share" but I really want it to go to "\\newdest\share".

What suggestions does the group have on this conundrum ?
Question by:altquark
    LVL 1

    Assisted Solution

    On a per-system basis, I've been able to spoof names resolved using both DNS and WINS.  DNS, as you've already noted, uses HOSTS.  WINS (a.k.a. Netbios) uses LMHOSTS.

    If you want traffic sent to OLDSYSTEM to be directed to NEWSYSTEM and NEWSYSTEM's IP address is, you'd want something like this added to your LMHOSTS file: OLDSYSTEM      #PRE

    When this is saved, from a command line, issue the following command:
    nbtstat -R
    (use the upper case R)

    As you've said with your HOSTS file, you'd want something like this in place: oldsystem

    When this is saved, from the command line, issue the following command:
    ipconfig /flushdns

    I've used this technique when testing a copy of our database during a database move from our web server.  This allowed me to attempt running the web applications and verify things were wroking okay before I contacted our network administrator to make the permanent switch.

    Keep in mind that any system you want to spoof name resolution will need to have these modifications.

    Hope this helps!
    LVL 1

    Author Comment

    We tried this earlier.  We added that exact line to LMHOSTS, ensured that the "Use LMHOSTS file" was checked in WINS, flushed DNS and also NBSTAT-R, and it didn't do nothing....

    Now - heres the kicker - NEWSYSTEM is on the same Domain (AD) as the client, but OLDSYSTEM is a on a trusted domain.

    HOWEVER, when I also tried doing this with "FAKESYSTEM" ( a system name that doesn't exist at all on the network) - I'm getting the same error (duplicate name on the network) - which is WIERD ?!
    LVL 5

    Accepted Solution

    I take it this is an Active Directory scenario? To be able to connect to shares on a server using another server's name you need to add the name and service principal names to the new destination.

    If your HOSTS entry resolves to the NEWDEST but you can't connect you will have to add the host Service Principal Name for DESTINATION to NEWDEST:


    setspn is in the resource kit tools or adminpak.msi

    Note, DESTINATION will have to be disconnected from the network when you do this or it won't allow its SPN to be moved to NEWDEST.

    You may also have to add the DESTINATION server name to NEWDEST. You can do this by creating the following REG_MULTI_SZ value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\OptionalNames
    on NEWDEST. Add the DESTINATION name to this key and restart the server service. Again, DESTINATION needs to be off the network when you do this.

    you may need to add BackConnectionHostnames in to newdest's registry, as per, or you may get "the target account is incorrect".
    LVL 1

    Author Comment

    Closing manually.  Sorry it took a while.
    LVL 1

    Author Closing Comment

    We decided to not spoof the IP - so it wasn't possible to accurately test the solutions offered.  I am closing this question and awarding points with the higher points to Scuthber since his was information we didn't know about.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    ports for sccm 2012 1 32
    Bit Locker 2 29
    Laptop with upgraded Win10 will not boot 13 63
    problem with Windows 10 updating "forever" 13 40
    Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now