Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Annoying pop-ups

From: Mikael Olsson <mikael.olsson () clavister com>
Date: Tue, 29 Oct 2002 02:52:58 +0100

"Ames, Neil" wrote:


David,
        Port 139 (SMB, Command: SMBsends).  "Internet Connection Firewall"
will block it.  You may have to spend some time with rules to get what you
want through the firewall--and may give up and buy one that is easier to
configure--but that's better than the situation that you appear to be in.


This is somewhat disconcerting.

You _REALLY_ should be blocking all of 135--139, TCP as well as UDP,
PLUS port 445, that got introduced in windows 2000.

Windows networking is a lot more than just port 139, folks.
Some of the not-so-clueful hackers haven't picked up on that yet,
but it's a safe bet that the clueful ones have.


And while you're on it:
PLUS port 5000 (UPnp .. eww) that windows XP brought us, including
     one publicly announced exploitable buffer overrun.

PLUS port 23 (Telnet!)
     Sure, it isn't on by default, but people found ways to abuse DCOM to 
     turn it on remotely. Uh oh.
PLUS port 3389 (Terminal Services) just because of that remote assistance 
     crap that his Billness decided that everyone and his grandma needs.
     (Neither on by default, but ...)
PLUS ... you get the picture.


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: