Re: Win2k Telnet.exe malicious server vulnerability
From: J Edgar Hoover <zorch () RIGHTEOUS NET>
Date: Mon, 18 Sep 2000 05:46:04 -0700
On Fri, 15 Sep 2000, Bronek Kozicki wrote:
From: "Ryagin Mihail Yurevitch" <ryagin () EXTRIM RU>
The problem is far more general than within single poor configuration
defaults in telnet.exe.
The main problem is that Windows automatically supplies user credentials in
many situations without ever asking for his opinion.
That's why, exactly, you do not pass NetBIOS through your firewall -
incoming as well as _outgoing_ traffic.
Ahh, but it doesn't stop there...
w2k with ie also likes to exchange kerberos keys with foreign web
I noticed this while trying to disable the "autosearch" spyware
in ie. If you type a URL that fails lookup, ie does a search at
auto.search.msn.com.. Yes, ie has a button to 'disable' this, but when I
tried that, it was still sending data to msn. The only fix I've found was
to wall off *.search.msn.com.
While you are at it, wall off LDAP too... or just play it safe and not let
any traffic on ports <1024 in or out of the windows network.
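
As an added illustration of the egress filtering advice in this thread (not part of the original message), the following Python example audits flow records for traffic that crosses the network perimeter on NetBIOS, Kerberos, LDAP or any other port below 1024. The 10.0.0.0/8 internal range, the record format and the sample flows are constructed assumptions.

```python
import ipaddress

# Assumption: the Windows network is 10.0.0.0/8 (constructed for this example).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Services named in the thread, keyed by their well-known ports.
NAMED = {88: "Kerberos", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
         139: "NetBIOS-SSN", 389: "LDAP"}

# Constructed flow records: "src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
10.1.2.3 1045 203.0.113.7 139 tcp
10.1.2.3 1046 10.9.9.9 139 tcp
10.1.2.4 1050 198.51.100.20 88 udp
10.1.2.5 1051 198.51.100.20 8080 tcp
10.1.2.6 1052 192.0.2.55 23 tcp
203.0.113.7 4000 10.1.2.3 389 tcp
garbage line
"""

def classify(line):
    """Return (direction, src, dst, port, label) for a flow that crosses the
    perimeter on a port below 1024, or None if the flow is not of interest."""
    parts = line.split()
    if len(parts) != 5:
        return None  # malformed record
    try:
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[2])
        port = int(parts[3])
    except ValueError:
        return None
    src_in, dst_in = src in INTERNAL, dst in INTERNAL
    # Skip purely internal or purely external flows, and high ports.
    if src_in == dst_in or port >= 1024:
        return None
    direction = "outbound" if src_in else "inbound"
    return (direction, str(src), str(dst), port, NAMED.get(port, "low-port"))

def audit(text):
    """Classify every record and keep only the perimeter-crossing hits."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in audit(SAMPLE_FLOWS):
        print("%-8s %s -> %s port %d (%s)" % hit)
```

Any hit from this audit means the perimeter filter is passing traffic that the advice above says to block in both directions.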