Bugtraq mailing list archives
Re: HTML email "bug", of sorts.
From: Thor () HammerofGod com
Date: Sun, 19 Aug 2001 16:49:27 -0700
(as I've mentioned before, MS has known about this hole since before SP2) Cheers
... as have the rest of us. I would not call NTLMSSP's behavior a "hole." It's just doing its job. Properly configured firewalls block 139/445 at the interface where packets are routed to public/untrusted networks. You have brought this up a couple of times here, but I'm not really sure what you are on about. This is expected, by-design behavior. While I can conceptualize a configuration where each workstation has a table of addresses from which to identify possible hosts to authenticate to (an NTLM LAT if you will), I prefer to save the cycles and have this addressed where it belongs- at the border (or as close to home as necessary). People constantly bash Microsoft for not having a "real" operating system, yet demand to have each potential security issue addressed in the OS itself- something that would take control further and further away from the admin. That is the skinny on that. --------------------------------- Attonbitus Deus Thor () HammerofGod Com
Current thread:
- Re: HTML email "bug", of sorts. thomas . rowe (Aug 19)
- Re: HTML email "bug", of sorts. Thor (Aug 19)
- RE: HTML email "bug", of sorts. David LeBlanc (Aug 20)
- <Possible follow-ups>
- Re: HTML email "bug", of sorts. james_kelley (Aug 19)
- Re: HTML email "bug", of sorts. Alex Prestin (Aug 19)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re[2]: HTML email "bug", of sorts. Mark Tinberg (Aug 20)
- Re: HTML email "bug", of sorts. Peter W (Aug 21)
- Re[2]: HTML email "bug", of sorts. Walter Hop (Aug 20)
- Re: HTML email "bug", of sorts. Bear Giles (Aug 20)
- Re: HTML email "bug", of sorts. Sean Straw / PSE (Aug 21)
- Re: HTML email "bug", of sorts. Curt Sampson (Aug 21)
- RE: HTML email "bug", of sorts. Ben Yu (Aug 20)