Re: [PEN-TEST] Closing Port 139

["Walling, Ken" <Ken.Walling () USA XEROX COM>]

This might be worth mentioning just in case you aren't aware of this
feature.

If you go into your network settings (R-click Network Neighborhood -
Properties)
click on the protocol tab
double click TCP/IP Protocol
select the adapter in question from the pull down box
click on the advanced button
click check box to "Enable Security" (if it isn't)
click on Configure
 --- now you will be in the TCP/IP security window
from here you have the option to "Permit Only" for TCP, UDP, and IP
Protocols
I suggest you use all three of these.  You will have to figure out what you
need - but for example - a web server would only need port 80 TCP and UDP
and Protocol and... damned if I can remember the MS code to enable only TCP
ummmm... well, at least we turned off port 139 :)

If anyone knows the Protocol number for TCP (maybe 7 or 9?  or 16? - darn)
please let me know --- sleepless nights to follow now until I recall :(

        happy port blocking,

                Ken


-----Original Message-----
From: Kasey Speakman [mailto:kspeakman () DSENGINEERING COM]
Sent: Thursday, October 12, 2000 9:54 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Closing Port 139


How do I close this port?  The situation is that we are using an NT Server
machine with MS Proxy Server.  There are no shares on this computer.  The
computer has 2 nics.  One goes to the LAN, and the other goes to our router.
I have the internet nic unbound from the WINS on both the server and the
workstation services, but the other card is bound to the WINS on both
services.  Auditing tools still show that the port is open, even though it
won't give anyone any connections, but I don't want any attention being
drawn to it by that port being open at all.  Help will be appreciated!

Thanks,

Kasey