Penetration Testing mailing list archives

Re: [PEN-TEST] Closing Port 139


From: "Costa, Andrew" <Andrew.Costa () CITIZENSBANK COM>
Date: Thu, 12 Oct 2000 11:53:26 -0400

If you are auditing via the LAN or you are auditing outside of the LAN, but
have a route somehow into the LAN (maybe router mis-config?) then you will
get WINS services on your scan. Also, if your registry or SNMP is dishing
out info, you will get a report that WINS is running even if you can't
connect to it. Do a full security hardening on the OS to fix these types of
problems.

IMHO, optimal security for your setup would be to run ONLY TCP/IP on the
proxy; it should not have any ties to your internal LAN, i.e. domain
membership. The router should be doing port filtering on both inbound and
outbound traffic. Consider putting a FW between your Proxy and the router,
and create a DMZ. If you want a quick fix, set the IP security on the
proxy's inside NIC to deny all ports except those required for proxy access,
and limit internal NIC access to only valid IP ranges in your LAN.

Andrew

-----Original Message-----
From: Kasey Speakman [mailto:kspeakman () DSENGINEERING COM]
Sent: Thursday, October 12, 2000 9:54 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Closing Port 139


How do I close this port? The situation is that we are using an NT Server
machine with MS Proxy Server. There are no shares on this computer. The
computer has 2 nics. One goes to the LAN, and the other goes to our router.
I have the internet nic unbound from the WINS on both the server and the
workstation services, but the other card is bound to the WINS on both
services. Auditing tools still show that the port is open, even though it
won't give anyone any connections, but I don't want any attention being
drawn to it by that port being open at all. Help will be appreciated!

Thanks,

Kasey
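
An added example, not part of either message: one way to check a dual-homed proxy against the "deny all ports except those required" advice is to audit its own `netstat -an` output per NIC. The interface names, addresses, the sample output and the allowed proxy port (80) are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `netstat -an` output from a dual-homed proxy host.
# Addresses and ports are illustrative, not taken from the thread.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.1.1.5:139           0.0.0.0:0              LISTENING
  TCP    10.1.1.5:80            0.0.0.0:0              LISTENING
  TCP    10.1.1.5:1040          10.1.1.77:139          ESTABLISHED
  UDP    10.1.1.5:137           *:*
"""

# Assumed layout: one inside NIC on the LAN, one outside NIC facing the router.
NICS = {"inside": "10.1.1.5", "outside": "203.0.113.10"}
# Assumed policy: only the proxy port on the inside, nothing on the outside.
ALLOWED = {"inside": {80}, "outside": set()}

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def audit_listeners(netstat_text, nics, allowed):
    """Return sorted (nic, port) pairs that listen outside the allowlist.

    nics:    {nic_name: ip_address} for each interface on the host
    allowed: {nic_name: set of TCP ports permitted to listen there}
    A listener bound to 0.0.0.0 is counted against every NIC.
    """
    findings = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header, UDP, or a socket that is not listening
        addr = ipaddress.ip_address(m.group(1).strip("[]"))
        port = int(m.group(2))
        for name, ip in nics.items():
            bound_here = addr.is_unspecified or addr == ipaddress.ip_address(ip)
            if bound_here and port not in allowed.get(name, set()):
                findings.add((name, port))
    return sorted(findings)


if __name__ == "__main__":
    for nic, port in audit_listeners(SAMPLE_NETSTAT, NICS, ALLOWED):
        print(f"{nic}: TCP/{port} is listening but not in the allowlist")
```

In the constructed sample, port 139 is flagged only on the inside NIC, while the wildcard-bound port 135 is flagged on both, which is the kind of listener that per-NIC port filtering has to cover.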


