Educause Security Discussion mailing list archives
XP SP2: 137, 138, 139 and 445 open by default
From: Phil Rodrigues <phil.rodrigues () NYU EDU>
Date: Wed, 9 Jun 2004 14:32:45 -0400
Hi all,

We downloaded the publicly available XP SP2 beta from Microsoft, installed it on a computer, then ran some tests with nmap.

By default, the Windows "Security Center" allows for 2 exceptions to the firewall: one for "File and Print Sharing" and one for "Remote Assistance". Remote Assistance didn't seem so scary: you still have to enable that feature, which is disabled by default. But since an exception for "File and Print Sharing" was enabled by default, nmap showed that ports 137/udp, 138/udp, 139/tcp, and 445/tcp were all open, even when the Firewall was turned on. By default.

In order to close these ports, we had to take the extra step of disabling the exception within the Windows Security Center app.

Please try it yourself, and tell me if we missed something:

http://www.microsoft.com/SP2Preview

So, I would still make plans to automate pre-registration scans of your networks for Windows RPC-ish vulnerabilities, at the very least. They may have closed 135/tcp, but with 445/tcp open there is still plenty of room for mischief. By default.

Phil
Sr Network Security Analyst
New York University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
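As an added example (not part of the original post), one way to triage the results of a scan of your own network is to parse nmap's grepable output (`-oG`) and list hosts where the four ports named above are reported open. The function name and the sample scan lines are constructed for illustration.

```python
import re

# Ports the post reports as open through the default "File and Print Sharing" exception.
SMB_PORTS = {(137, "udp"), (138, "udp"), (139, "tcp"), (445, "tcp")}

# Constructed sample of `nmap -oG` (grepable) output; addresses are documentation ranges.
SAMPLE = """\
# Nmap scan (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 135/filtered/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 137/open|filtered/udp//netbios-ns///
Host: 192.0.2.11 ()\tPorts: 139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
Host: 192.0.2.12 ()\tPorts: 80/open/tcp//http///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")


def exposed_smb_ports(grepable_text):
    """Return {host: sorted [(port, proto), ...]} for watched ports in state 'open'."""
    findings = {}
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue
        # Fields are tab-separated; take the one that starts with "Ports:".
        ports_field = next((f for f in line.split("\t") if f.startswith("Ports:")), "")
        for entry in ports_field[len("Ports:"):].split(","):
            # Each entry is port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) < 3 or not parts[0].isdigit():
                continue
            port, state, proto = int(parts[0]), parts[1], parts[2]
            # "open|filtered" (common for UDP) is ambiguous, so only exact "open" counts.
            if state == "open" and (port, proto) in SMB_PORTS:
                findings.setdefault(m.group(1), []).append((port, proto))
    return {host: sorted(ports) for host, ports in findings.items()}


if __name__ == "__main__":
    for host, ports in exposed_smb_ports(SAMPLE).items():
        print(host, ", ".join(f"{p}/{proto}" for p, proto in ports))
```

Hosts with only `filtered` or `open|filtered` results are left out, so UDP 137/138 findings may need a follow-up check before a host is treated as clean.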