Full Disclosure mailing list archives
RE: SMB overflow attacks
From: full-disclosure () lists netsys com (Peter Gutmann)
Date: Tue, 27 Aug 2002 17:42:24 +1200 (NZST)
"Jason Coombs" <jasonc () science org> writes:
Does anyone have any information about why System binds to a port above 1024, and what can be done, if anything, to force Windows 2000/XP/.NET Server to stop binding to port 445 TCP and UDP?
445 is the new NetBIOS [0], and just as easy to get rid of (i.e. you don't, you block it at the firewall). I assume from your post that you've already tried the old NetBIOS trick of binding it to the loopback NIC? I wish they'd at least have an option to bind all the random uncontrollable junk to 127.0.0.1 rather than 0.0.0.0... Peter. [0] Quite literally. MS took all the NetBIOS stuff they knew about and moved it to 445, leaving the stuff they didn't know about to wither at 13x.
Current thread:
- SMB overflow attacks KF (Aug 26)
- RE: SMB overflow attacks Jason Coombs (Aug 26)
- RE: SMB overflow attacks John Schutz (Aug 27)
- RE: SMB overflow attacks Nick FitzGerald (Aug 27)
- RE: SMB overflow attacks John Schutz (Aug 27)
- SecurityFocus Website Ken Pfeil (Aug 30)
- <Possible follow-ups>
- RE: SMB overflow attacks Peter Gutmann (Aug 26)
- RE: SMB overflow attacks Jason Coombs (Aug 26)