For those who aren't aware, name resolution in Windows(tm) brand OSes, at least through XP Service Pack 3, is a multi-step process that includes NetBIOS. If a particular name is not found via DNS lookup, the system will query the local subnet over NetBIOS for a match. As such, if we have access to an interface on the local subnet (via source routing or a GRE tunnel), we can potentially redirect misspelled names (or, in some cases, non-existent names) to ourselves.
Note: This type of attack is not exactly unique to Windows. Under Linux, the nsswitch.conf file can be configured to query all sorts of directory services to locate machines. While the video doesn't demonstrate "poisoning" a Linux client, a system configured to query the local subnet for a name could also be set up. See the /etc/nsswitch.conf man pages and Google for details.
First, the script (which can be downloaded at http://aconole.brad-x.com/nbnspoof.py) is a simple Python + Scapy script that watches for NetBIOS name query traffic on an interface; if the name matches the supplied regex, the script simply generates a response.
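From the monitoring side, the same traffic can be parsed to spot a host that answers name queries for several unrelated names. The following is an added example, not part of nbnspoof.py or the original post; the function names, the sample addresses and names, and the threshold of three names are assumptions chosen for illustration.

```python
import struct
from collections import defaultdict

def encode_name(name, suffix=0x20):
    """RFC 1002 first-level encoding: pad to 15 chars + suffix, one letter per nibble."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return bytes(n + 0x41 for c in raw for n in (c >> 4, c & 0x0F))

def decode_name(enc):
    """Inverse of encode_name; returns (name, suffix) or None if malformed."""
    if len(enc) != 32 or any(not 0x41 <= b <= 0x50 for b in enc):
        return None
    raw = bytes((enc[i] - 0x41) << 4 | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_nbns(payload):
    """Parse a UDP/137 payload holding one name query or positive response."""
    if len(payload) < 50 or payload[12] != 0x20 or payload[45] != 0:
        return None
    txid, flags, _qd, an = struct.unpack("!4H", payload[:8])
    decoded = decode_name(payload[13:45])
    if decoded is None:
        return None
    is_resp = bool(flags & 0x8000)
    # after the name: type(2) class(2) ttl(4) rdlength(2) nb_flags(2) address(4)
    addr = ".".join(map(str, payload[58:62])) if is_resp and an and len(payload) >= 62 else None
    return {"txid": txid, "response": is_resp, "name": decoded[0], "addr": addr}

def multi_name_responders(packets, allow=(), threshold=3):
    """Return {src_ip: names} for hosts answering for >= threshold distinct names."""
    seen = defaultdict(set)
    for src, payload in packets:
        rec = parse_nbns(payload)
        if rec and rec["response"] and src not in allow:
            seen[src].add(rec["name"])
    return {s: sorted(n) for s, n in seen.items() if len(n) >= threshold}

def sample_payload(name, addr=None, txid=1):
    """Constructed test payload (not captured traffic): a query, or a response if addr is given."""
    head = struct.pack("!6H", txid, 0x8500 if addr else 0x0110, 0 if addr else 1, 1 if addr else 0, 0, 0)
    body = b"\x20" + encode_name(name) + b"\x00" + struct.pack("!2H", 0x20, 1)
    if addr:
        body += struct.pack("!IH2x", 300, 6) + bytes(map(int, addr.split(".")))
    return head + body

# Constructed observations: 10.0.0.66 answers for three unrelated, mistyped names.
SAMPLE = [("10.0.0.5", sample_payload("FILESRV")), ("10.0.0.9", sample_payload("FILESRV", "10.0.0.9"))]
SAMPLE += [("10.0.0.66", sample_payload(n, "10.0.0.66")) for n in ("FILESRVV", "PRINTSVR", "INTRANETT")]
```

Legitimate WINS servers answer for many names, so their addresses belong in `allow`; anything else returned by `multi_name_responders(SAMPLE)` is worth a closer look.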
EDIT: Re-introducing the video once I clean it up - realized I had some personal stuff on the Desktop.