Security Basics mailing list archives
Re: No NetBios share + No Open Port = Safe Win98?
From: "Frynge Customer Support" <frynge () frynge com>
Date: Mon, 25 Sep 2006 10:11:13 -0600
I dont know if anyone has replied to this yet, but here is some advice.The port 139 exploit was usually used for file and printer sharing hacks. Having that port open will allow someone to see your computer online with programs that will check for file and printer sharing vulnerabilities and also, possibly use your computer for DDOS attacks or flood your computer via that port.
I would make sure file and printer sharing is not on (you may not have set it on, but sometimes its on by default and with no password)
YOU SAID "I used winipcfg.exe to obtain my IP address (192.168.1.101) "It tells me you are on an internal network and that is not your real ip address but an internal address. You will have another ip that is your real ip address, you can find this by googling it and looking for online ip finders.
For DDOS and flood attacks make sure you have a nice firewall set up and you should be fine.
Win98 closed that port in later additions and service packs, so you may want to update your windows at windows update if you can.
Kelly Sigethy Frynge.com----- Original Message ----- From: <gohyongkwang () hotmail com>
To: <security-basics () securityfocus com> Sent: Friday, September 22, 2006 9:01 PM Subject: No NetBios share + No Open Port = Safe Win98? Hi,I'm using an old computer at home for casual personal communication (checking Web based emails and MSN instant messaging) and Web surfing and it is still running on Windows 98 SE due to its limited RAM and CPU power. No plan to upgrade and the computer is still good enough for the simple job.
Nevertheless, since I connect my computer to the Internet via a ADSL router/modem, I did some preliminary check on my computer to see how secure I am.
I used winipcfg.exe to obtain my IP address (192.168.1.101) and did a netstat -a on it to find out what ports are open and/or listening. It reports only port 139 as listening, which after googling around a bit says it's a NetBios session port. Dunnoe what this means though, but I've _not_ enabled "File and Printer Sharing."
Now assuming I'm a cautious Web surfer who uses Firefox and only visit reputable sites like MSN, Yahoo! and Google, and avoid visiting hacking sites and running hacking tools, and that my computer is currently not infected by malware, virus or rootkit (i.e. computer is clean and updated), is there any way that a hacker can still connect to my computer over the Internet, browse my hard disk and steal my files?
Theoretically, I've not enabled port forwarding in my router/modem, and so external computer trying to ping or connect to my computer should not succeed, and if there's no port listening at all (except for port 139), no other computer should be able to infilitrate right?
Yet, I can't say anything is foolproof. So just like to seek your expert opinion. What are the other areas I should continue to look at to further protect my system? Is it still possible to be attacked through a listening port 139 with file sharing disabled?
Thanks in advance. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- No NetBios share + No Open Port = Safe Win98? gohyongkwang (Sep 25)
- Re: No NetBios share + No Open Port = Safe Win98? dave (Sep 26)
- Re: No NetBios share + No Open Port = Safe Win98? Frynge Customer Support (Sep 26)
- Re[2]: No NetBios share + No Open Port = Safe Win98? gmx (Sep 27)
- Re: Re[2]: No NetBios share + No Open Port = Safe Win98? Frynge Customer Support (Sep 28)
- Re: No NetBios share + No Open Port = Safe Win98? Ansgar -59cobalt- Wiechers (Sep 28)
- RE: No NetBios share + No Open Port = Safe Win98? David Gillett (Sep 28)
- Re[2]: No NetBios share + No Open Port = Safe Win98? gmx (Sep 27)
- Re: No NetBios share + No Open Port = Safe Win98? Luchino - Samel (Sep 26)
- RE: No NetBios share + No Open Port = Safe Win98? Robert D. Holtz - Lists (Sep 26)
- <Possible follow-ups>
- Re: No NetBios share + No Open Port = Safe Win98? krymson (Sep 26)
- Re: Re[2]: No NetBios share + No Open Port = Safe Win98? Gethinj (Sep 28)
- Re:No NetBios share + No Open Port = Safe Win98? Colin Copley (Sep 28)
- RE: Re[2]: No NetBios share + No Open Port = Safe Win98? Jag (Sep 29)