Penetration Testing: Re: [PEN-TEST] Closing Port 139

["Deus, Attonbitus" <Thor () HammerofGod Com>]

I'll correct 2 mistakes in one email:

> As far as closing port 139, I have tested this extensively, and there is
> really no way to do it so that it no longer shows up on a port scan.
When you implement the Proxy packet filtering option, only the selected port
will be opened,
and only those ports will show as opened.  This is also true of the Advanced
TCP/IP options in the protocol config.

> -- don't rely on (or expect) MS products to provide the
> level of security that you require.
Misconfiguration of the os/product in question is not Microsoft's problem.

Now on to the other one (different email):

> This gets even funnier with certain of the NT-based firewalls (MS Proxy
> Server is NOT a firewall, by the way) that open more ports than they close.
Incorrect.  MS Proxy 2.0 absolutely is a firewall.  It may not provide
stateful inspection and other advanced features, but if you tell it to
block, it blocks.  That is what a firewall does.  While it is true that I
have seen extensively screwed up configs of Proxyserver (all preconfigured
filters selected, IP forwarding enabled, etc, etc..) that is, again, due to
misconfiguration.

---------------------------------------------------------
Attonbitus Deus
thor () hammerofgod com