Full Disclosure mailing list archives
Re: TCP Port 42 port scans? What the heck over...
From: Matt Ostiguy <ostiguy () gmail com>
Date: Wed, 15 Dec 2004 10:27:31 -0500
On Wed, 15 Dec 2004 09:58:18 -0500, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Mon, 13 Dec 2004 14:33:42 EST, Matt Ostiguy said:
> > found an exploitable bug in the WINS service. Still, given how few people one would expect to have that port accessible through a firewall, or just how low the percentage of windows servers running WINS is
>
> Do you have any actual data showing that either of those two numbers is low, or are you relying on "if people have clue, these will be low"?

Educated guess. Some reasons:

1. A single site / single subnet Windows shop can generally survive without WINS - systems will battle to act as ad hoc browse master, which will maintain the browse list of resources for network neighborhood which it compiles from local subnet broadcasts. This allows tons of places to run without WINS. If you have ever heard people talk about Windows boxes being chatty from a network perspective - this broadcast stuff is why.

2. WINS isn't installed by default on Win2k or 2k3, and I am fairly certain it wasn't a default install on NT 4 either. DNS is required for Active Directory on win2k and win2k3.

3. I can't think of a good reason to open WINS through a firewall. Generally one would expect places with multiple sites to use site to site connections, IPSec tunnels, and end user VPN tunnels, all of which would negate the need to open it through the firewall.

4. Most places likely have 1 or 2 WINS servers per site. Any more, and you are likely increasing pain and complexity (with push-pull replication issues, etc) versus minimal redundancy gain.

So, DNS is about as universal a requirement as there is these days, and a fair number of people are probably exposing their MS DNS service through the firewall. A fair number are probably running MS DNS internally, and doing something different externally, for security and/or usage of NAT reasons (their DNS server would resolve www.smallbizdomain.com to 192.168.1.2 if exposed to the net). I really cannot think of any reason why anyone would expose WINS through a firewall, so it probably leaves the few, the hardy, the stupid who have no firewall whatsoever.

Matt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html