Re: [PEN-TEST] Closing Port 139

["Deus, Attonbitus" <Thor () HammerofGod Com>]

This configuration will show port 139 as open, but it will not serve any
requests.
If you want to completely block it, then you must go to the properties of
one of the proxy services in your MMC, go to your shared security services,
and enable packet filtering.  Select dynamic packet filtering to allow the
proxy services to dynamically create their own ip filters to allow users
using them in/out.

You will have to create filters for any services you want to allow through,
but this is the best way (most secure that is) to do what you want.
---------------------------------------------------------
Attonbitus Deus
thor () hammerofgod com

----- Original Message -----
From: "Kasey Speakman" <kspeakman () DSENGINEERING COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Thursday, October 12, 2000 6:54 AM
Subject: [PEN-TEST] Closing Port 139


> How do I close this port?  The situation is that we are using an NT Server
> machine with MS Proxy Server.  There are no shares on this computer.  The
> computer has 2 nics.  One goes to the LAN, and the other goes to our
router.
> I have the internet nic unbound from the WINS on both the server and the
> workstation services, but the other card is bound to the WINS on both
> services.  Auditing tools still show that the port is open, even though it
> won't give anyone any connections, but I don't want any attention being
> drawn to it by that port being open at all.  Help will be appreciated!
>
> Thanks,
>
> Kasey