Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are Microsoft Windows components that serve as alternate methods of host identification when DNS fails. LLMNR is based upon the Domain Name System (DNS) format and allows hosts on the same local link to perform name resolution for other hosts. NBT-NS identifies systems on a local network by their NetBIOS name.
An attacker on the same network as other Windows hosts can listen for LLMNR (UDP 5455) or NBT-NS (UDP 137) broadcasts going over the wire and respond to them. The attacker pretends that they know the location of the requested host so that the targets will communicate with the attacker-controlled system.
Navis recommends the following to mitigate this issue:
If you are running Navis services on Windows, disable LLMNR and NetBIOS in the local computer security settings, or by group policy.
If for some reason you cannot disable the services, use host-based security software to block LLMNR/NetBIOS traffic.
Enable Server Message Block (SMB) signing (on page 1) to prevent relay attacks.
Mandate a strong password policy to significantly increase the difficulty of cracking challenge-response hashes.
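One way to check a Windows host against the first three recommendations, as an added example that is not Navis code. It assumes the standard Windows registry values `EnableMulticast` and `NetbiosOptions` and the built-in SMB configuration cmdlets, none of which are named on this page; the `-Apply` switch is a hypothetical name for this script.

```powershell
# Added example: report-only by default; pass -Apply (hypothetical switch) to change settings.
# Run from an elevated PowerShell session on the Windows host.
param([switch]$Apply)

$findings = @()

# LLMNR: the "Turn off multicast name resolution" policy is stored as EnableMulticast = 0.
$dnsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$llmnr = (Get-ItemProperty -Path $dnsKey -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
if ($llmnr -ne 0) {
    $findings += 'LLMNR is not disabled by policy (EnableMulticast is not 0)'
    if ($Apply) {
        if (-not (Test-Path $dnsKey)) { New-Item -Path $dnsKey -Force | Out-Null }
        New-ItemProperty -Path $dnsKey -Name EnableMulticast -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

# NetBIOS over TCP/IP is set per interface: NetbiosOptions 0 = from DHCP, 1 = enabled, 2 = disabled.
$nbtRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
foreach ($iface in Get-ChildItem -Path $nbtRoot) {
    $opt = (Get-ItemProperty -Path $iface.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions
    if ($opt -ne 2) {
        $findings += "NetBIOS not disabled on $($iface.PSChildName) (NetbiosOptions=$opt)"
        if ($Apply) { Set-ItemProperty -Path $iface.PSPath -Name NetbiosOptions -Value 2 -Type DWord }
    }
}

# SMB signing: this checks that signing is required on both the server and client roles
# (assumption: that is what the recommendation to enable SMB signing is meant to achieve).
if (-not (Get-SmbServerConfiguration).RequireSecuritySignature) {
    $findings += 'SMB server does not require signing'
    if ($Apply) { Set-SmbServerConfiguration -RequireSecuritySignature $true -Force }
}
if (-not (Get-SmbClientConfiguration).RequireSecuritySignature) {
    $findings += 'SMB client does not require signing'
    if ($Apply) { Set-SmbClientConfiguration -RequireSecuritySignature $true -Force }
}

if ($findings.Count -eq 0) {
    Write-Output 'LLMNR, NetBIOS and SMB signing settings match the recommendations.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    if ($Apply) { Write-Output 'Settings changed; re-run without -Apply to confirm.' }
}
```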