Penetration Testing
mailing list archives
Re: [PEN-TEST] Closing Port 139
From: Rebecca Kastl <rkastl () NEOHAPSIS COM>
Date: Thu, 12 Oct 2000 15:20:00 -0500
As far as closing port 139, I have tested this extensively, and there is
really no way to do it so that it no longer shows up on a port scan.
Steps to take:
* Unbind WINS/NBF from the interface
* Shut down:
  * Server
  * Workstation
You can implement TCP/IP port filtering, but as someone else pointed out,
this isn't as foolproof as MS would have you believe.
Even after all of these steps have been taken, a port scan will still show
NetBIOS services as listening. The reality is that the services aren't
listening on the interface in question. Connection requests to that
interface will be refused/dropped.
I went one step further and attempted to remove the NetBIOS service with
the goal being to make the system a pure IP-only host (a la UNIX), but in
doing so, the system went and removed networking entirely (including
protocols, and adapter drivers/configurations), forcing me to reinstall
networking from scratch.
If you don't want someone to know that the machine is a MS box, put it
behind a firewall -- don't rely on (or expect) MS products to provide the
level of security that you require.
--Rebecca Kastl
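
One way to check the distinction the message draws between NetBIOS sockets that are reported as listening and connections that are actually accepted on a given interface. This is an added example, not part of the original message; the `netstat -an` sample is constructed and the function names are hypothetical.

```python
import socket

# NetBIOS over TCP/IP: session service (TCP 139), name (UDP 137), datagram (UDP 138).
NETBIOS_PORTS = {("TCP", 139), ("UDP", 137), ("UDP", 138)}

# Constructed sample of `netstat -an` output (not taken from the message).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      192.168.1.9:139        ESTABLISHED
  UDP    10.0.0.5:137           *:*
  UDP    10.0.0.5:138           *:*
"""

def netbios_listeners(netstat_text):
    """Return sorted (proto, local_ip, port) for NetBIOS sockets the host has bound."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto = fields[0]
        ip, _, port = fields[1].rpartition(":")
        if not port.isdigit() or (proto, int(port)) not in NETBIOS_PORTS:
            continue
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        found.add((proto, ip, int(port)))
    return sorted(found)

def probe_tcp(ip, port=139, timeout=2.0):
    """Classify one connection attempt as 'accepted', 'refused' or 'dropped'."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "accepted"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout or unreachable: nothing answered
        return "dropped"

if __name__ == "__main__":
    for proto, ip, port in netbios_listeners(SAMPLE_NETSTAT):
        print(proto, ip, port)
```

Run `probe_tcp` from another host on each network segment against the addresses the parser reports, so the result reflects what that interface really answers.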