Penetration Testing mailing list archives
Re: [PEN-TEST] Closing Port 139
From: Rebecca Kastl <rkastl () NEOHAPSIS COM>
Date: Thu, 12 Oct 2000 15:20:00 -0500
As far as closing port 139, I have tested this extensively, and there is really no way to do it so that it no longer shows up on a port scan. Steps to take: Unbind WINS/NBF from the interface Shutdown: * Server * Workstation You can implement TCP/IP port filtering, but as someone else pointed out, this isn't as foolproof as MS would have you believe. Even after all of these steps have been taken, a port scan will still show NetBIOS services as listening. The reality is that the services aren't listening on the interface in question. Connection requests to that interface will be refused/dropped. I went one step further and attempted to remove the NetBIOS service with the goal being to make the system a pure IP-only host (a la UNIX), but in doing so, the system went and removed networking entirely (including protocols, and adapter drivers/configurations), forcing me to reinstall networking from scratch. If you don't want someone to know that the machine is a MS box, put it behind a firewall -- don't rely on (or expect) MS products to provide the level of security that you require. --Rebecca Kastl
Current thread:
- Re: [PEN-TEST] Closing Port 139 Anderson, Harry F. (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Steve (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Jamie C. Pole (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Rebecca Kastl (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 12)
- <Possible follow-ups>
- Re: [PEN-TEST] Closing Port 139 Costa, Andrew (Oct 12)
- [PEN-TEST] Closing Port 139 Kasey Speakman (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Ansar Mohammed (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 12)
- Re: [PEN-TEST] Closing Port 139 SMILER (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Marc Maiffret (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Tim Crothers (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Walling, Ken (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Frank Dimina (Oct 12)
(Thread continues...)