Vulnerability Development: Re: Naptha - New DoS

[Ron DuFresne <dufresne () WINTERNET COM>]

Rather then spending all that time going from desktop to desktop to fix
something others are going to unfix anyway, do as one should for these MN$
open ports and block 137-139 tcp and udp at the gateway/firewall.  Saves
time and monies.


Thanks,

Ron DuFresne


On Fri, 8 Dec 2000, Lincoln Yeoh wrote:

> At 11:34 PM 12/6/00 -0500, White Vampire wrote:
> > Some affected operating systems:
> >
> > * Novell's Netware 5.0 with sp1 (Will not recover)
> > * Linux (2.2.x .. others ?) (Unknown.. can recover sometimes?)
> > * FreeBSD 4.0-REL (Can recover in short period)
> > * Possibly others.. it is a rather widespread problem.
> Microsoft says that Windows 9x is affected if File and Printer sharing is
> enabled.
>
> http://www.microsoft.com/technet/security/bulletin/MS00-091.asp
> http://www.microsoft.com/technet/security/bulletin/fq00-091.asp
>
> > This vulnerability could only be exploited if TCP port 139 was
> > open on the target machine. If the server service or File/Print
> > sharing were disabled on a computer it would not be susceptible
> > to this vulnerability
> However, I've noticed that even if file/print sharing is disabled, but
> Microsoft's "Client for Microsoft Networks" or "Microsoft Family Logon" is
> installed, Windows 9x still listens to port 139 and accepts connections.
> Does this still mean it can be affected? Is Microsoft's advisory accurate?
> Or do we still have to manually unbind port 139 or uninstall those
> Microsoft logon clients.
>
> Cheerio,
> Link.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.