Penetration Testing mailing list archives
Re: [PEN-TEST] Closing Port 139
From: "Costa, Andrew" <Andrew.Costa () CITIZENSBANK COM>
Date: Thu, 12 Oct 2000 11:53:26 -0400
If you are auditing via the LAN or you are auditing outside of the LAN, but have a route somehow into the LAN (maybe router mis-config?) then you will get WINS services on your scan. Also, if your registry or SNMP is dishing out info, you will get a report that WINS is running even if you can't connect to it. Do a full security hardening on the OS to fix these types of problems.

IMHO, optimal security for your setup would be to run ONLY TCP/IP on the proxy; it should not have any ties to your internal LAN, i.e. domain membership. The router should be doing port filtering on both inbound and outbound traffic. Consider putting a FW between your Proxy and the router, and create a DMZ.

If you want a quick fix, set the IP security on the proxy's inside NIC to deny all ports except those required for proxy access, and limit internal NIC access to only valid IP ranges in your LAN.

Andrew
-----Original Message-----
From: Kasey Speakman [mailto:kspeakman () DSENGINEERING COM]
Sent: Thursday, October 12, 2000 9:54 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Closing Port 139

How do I close this port? The situation is that we are using an NT Server machine with MS Proxy Server. There are no shares on this computer. The computer has 2 NICs. One goes to the LAN, and the other goes to our router. I have the internet NIC unbound from the WINS on both the server and the workstation services, but the other card is bound to the WINS on both services. Auditing tools still show that the port is open, even though it won't give anyone any connections, but I don't want any attention being drawn to it by that port being open at all.

Help will be appreciated!

Thanks,
Kasey
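An added example, not part of either message above: a host-side check of which interface addresses the NetBIOS ports (UDP 137/138, TCP 139) are bound to on a dual-homed proxy, read from `netstat -an` output. The sample output, the addresses, the internal range and all function names are constructed for illustration.

```python
import ipaddress

# NetBIOS name, datagram and session services
NETBIOS_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139)}

# Constructed sample of `netstat -an` output from a two-NIC proxy host
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.10.5:139       0.0.0.0:0              LISTENING
  TCP    192.168.10.5:1042      192.168.10.20:139      ESTABLISHED
  UDP    192.168.10.5:137       *:*
  UDP    192.168.10.5:138       *:*
  UDP    203.0.113.7:137        *:*
"""

def parse_listeners(text):
    """Yield (proto, ip, port) for TCP LISTENING rows and every UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # outbound or established sessions are not listeners
        ip, _, port = fields[1].rpartition(":")
        if port.isdigit():
            yield fields[0], ip.strip("[]"), int(port)

def netbios_exposure(text, internal_nets):
    """Classify each NetBIOS listener by the interface address it is bound to."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for proto, ip, port in parse_listeners(text):
        if (proto, port) not in NETBIOS_PORTS:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified:
            scope = "all-interfaces"  # bound to 0.0.0.0, reachable on both NICs
        elif any(addr in n for n in nets):
            scope = "internal"
        else:
            scope = "external"
        findings.append((proto, port, ip, scope))
    return findings

def exposed(findings):
    """Listeners that are not confined to the internal LAN address."""
    return [f for f in findings if f[3] != "internal"]
```

An empty result from `exposed()` only describes bindings on the host; filtering at the router or firewall still decides what a scanner on the far side can reach.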