Penetration Testing mailing list archives
[PEN-TEST] Blocking NetBIOS \ CIFS on Win2K
From: Eric <ews () TELLURIAN NET>
Date: Sat, 14 Oct 2000 17:52:39 -0700
There are four default ways to block NetBIOS \ CIFS on a Windows 2000 system. 1) Advanced TCP/IP filtering Located: Control Panel - Network - Internet Protocol (TCP/IP) Properties - Advanced - Options - TCP/IP Filtering Properties Use: Permit Only specific protocols. Do Not permit tcp (protocol 6) ports 139 or 445 Pro: ports 139 and 445 will not respond to a port scan Con: Permit Only mechanism means you have to specify each allowed protocol, including RPC ports. (also: ICMP will be permitted even if you specify to 'permit only' and leave permitted fields blank) Reboot Required?: YES 2) IPSecurity Filtering (Has nothing to do with IPSec) Located: Control Panel - Administrative Tools - Local Security Policy - IPSecurity Policies Use: Define a rule for destination ports tcp139 and 445 from any source port / source address to 'My IPAddress'. Create and assign a blocker rule to this filter. Pro: ports 139 and 445 will not respond to a port scan. Filters are granular per protocol, and source and destination ports and addresses. Con: Tricky to setup the first time. Blocker rule must be manually defined Reboot Required?: NO 3) Disable NetBIOS over TCP/IP Located: Control Panel - Network - Internet Protocol (TCP/IP) Properties - Advanced - WINS Use: Click radio button to "Disable NetBIOS over TCP/IP" Pro: tcp 139 will not respond to port scans Con: tcp 445 will still accept connections and process NetBIOS Reboot Required: NO **WARNING: This method instills a false sense of security and should not be used as tcp 445 is still open and will accept connections** 4) Unbind File and Printer Sharing for Microsoft Networks Located: Control Panel - Network - Advanced (from menu bar) - Advanced Settings Use: Select Network Card to unbind NetBIOS - Uncheck File Sharing for Microsoft Networks Pro: Will disable all incoming requests to tcp 139 and 445 Con: tcp 139 will appear on a port scan, but will not respond to requests Reboot Required: NO I like options 2 and 4 - depending upon need. --eric
Current thread:
- [PEN-TEST] Blocking NetBIOS \ CIFS on Win2K Eric (Oct 14)