Security Basics mailing list archives
Re: Desktops - is disabling TCP/445 or TCP/139 more secure?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 20 Jun 2006 22:30:31 +0200
On 2006-06-19 Thor Ryan wrote:
> We have implemented Host Based Intrusion Prevention software (Cisco Security Agent), and a debate is raging - should we deny TCP/445 traffic so SMB traffic defaults to NetBIOS over TCP/IP, should we disable NetBIOS over TCP/IP and only allow TCP/445 traffic, or just let both exist on the network? Some admins have said that TCP/445 scans are mounting, and that denying TCP/445 is more secure. Others say denying NetBIOS over TCP/IP (TCP/137-139) is more secure. To me, a socket is a socket, what matters is the service listening on the particular port. Is TCP/445 more secure than NetBIOS, or the other way around?

That depends on what you need on your local network. 445/tcp (Direct-SMB) provides just SMB/CIFS for file shares, whereas NetBIOS has a lot more features (such as browsing or messaging).

You definitely should NOT have either of them open towards public networks.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq