Firewall Wizards mailing list archives

Re: TIS Gauntlet : WINS and Exchange


From: Bill_Royds () pch gc ca
Date: Wed, 1 Apr 1998 16:23:31 -0500

WINS is really DNS on another port down to format of the replies. So
anything you could do with DNS (cache poisoning, exploits) can be done on
WINS.
The port used is 137/UDP which is one part of the netbios suite (from
137-139). Since all your machines advertise themselves as being exploitable
MS OS machines with broadcasts on this port, it is inherently very
dangerous to do this over the Internet. The smbclient (or simple NT stuff)
would certainly allow them to break passwords unless they use NT challenge
response password checking (this would slow things down but not eliminate
it).

Why don't they use a VPN tunnel (even MS pptp would be better than nothing)
to connect the 2 WINS servers and not allow any netbios over the Internet?






Hey folks,
So I am currently on a project that involves
a number of m$ products; <sigh>
"Know thy enemy" is what I always say
though.
check this: the company has 2 WINS servers, the primary
one is in their uptown location. Their secondary is
at their downtown location, where I am.
So they do WINS resolution _over the Internet_.
(no inter-office connectivity
except through the net). Is WINS and port 137-139
netbios services the same thing? How the fsck does WINS
work anyway? More importantly, how will I pass
it through the Gauntlet firewall (plug-gw?) ( is there not
the fear that somebody can just use smbclient and
a cracked password to access the drives?) Not only
that, but they do the Exchange database replication
also _over the internet_. Needless to say, their
setup is fubar. But I have to know how does the m$ sexchange
db replication work anyway? (which ports or anything)
more importantly, how do I pass it through gauntlet?
I believe I might have to just tcpdump
on the wire and figure out what's happening,
'cause RFC1001 and RFC1002 ain't fun reading.
Suggestions, flames, comments welcome.
--Anindya
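
An added example, not part of either post: a small Python decoder for the NetBIOS name service payloads a tcpdump capture on 137/UDP would show, covering the 12-byte header that RFC 1002 shares with DNS and the RFC 1001 first-level name encoding. The function names and the sample packet are constructed for illustration.

```python
import struct

OPCODES = {0: "query", 5: "registration", 6: "release", 7: "wack", 8: "refresh"}

def encode_name(name, suffix):
    """RFC 1001 first-level encoding: 16 bytes become 32 letters 'A'..'P'."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))

def decode_name(enc):
    """Reverse of encode_name; returns (name, suffix byte)."""
    if len(enc) != 32 or any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("latin-1").rstrip(" "), raw[15]

def parse_nbns(pkt):
    """Parse the header and first question of a 137/UDP payload."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    # Same six 16-bit fields as a DNS header.
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    info = {
        "txid": txid,
        "response": bool(flags & 0x8000),
        "opcode": OPCODES.get((flags >> 11) & 0xF, "unknown"),
        "broadcast": bool(flags & 0x0010),
        "rcode": flags & 0xF,
        "counts": (qd, an, ns, ar),
    }
    if qd:
        if len(pkt) < 45 or pkt[12] != 0x20:
            raise ValueError("question does not start with a 32-byte label")
        info["name"], info["suffix"] = decode_name(pkt[13:45])
        off = 45
        while off < len(pkt) and pkt[off]:      # skip NetBIOS scope labels
            off += 1 + pkt[off]
        if off + 5 > len(pkt):
            raise ValueError("truncated question")
        info["qtype"], info["qclass"] = struct.unpack("!2H", pkt[off + 1:off + 5])
    return info

# Constructed sample: broadcast name query for FILESRV<20>.
SAMPLE = (struct.pack("!6H", 0x1234, 0x0110, 1, 0, 0, 0) + b"\x20"
          + encode_name("FILESRV", 0x20) + b"\x00" + struct.pack("!2H", 0x0020, 1))

if __name__ == "__main__":
    print(parse_nbns(SAMPLE))
```
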








