XP SP2: 137, 138, 139 and 445 open by default

[Phil Rodrigues <phil.rodrigues () NYU EDU>]

Hi all,

We downloaded the publicly available XP SP2 beta from Microsoft,
installed it on a computer, then ran some test with nmap.

By default, the Windows "Security Center" allows for 2 exceptions to the
firewall: one for "File and Print Sharing" and one for "Remote Assistance".

Remote Assistance didn't seem so scary: you still have to enable that
feature, which is disabled by default.

But since an exception for "File and Print Sharing" was enabled by
default, nmap showed that ports 137/udp, 138/udp, 139/tcp, and 445/tcp
were all open, even when the Firewall was turned on.  By default.  In
order to close these ports, we had to take the extra step of disabling
the exception within the Windows Security Center app.

Please try it yourself, and tell me if we missed something:

http://www.microsoft.com/SP2Preview

So, I would still make plans to automate pre-registration scans of your
networks for Windows RPC-ish vulnerabilities, at the very least.  They
may have closed 135/tcp, but with 445/tcp open there is still plenty of
room for mischief.  By default.

Phil

Sr Network Security Analyst
New York University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.