Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Closing Port 139

From: "Jamie C. Pole" <jpole () JCPA COM>
Date: Thu, 12 Oct 2000 15:44:13 -0400
RE: [PEN-TEST] Closing Port 139
It doesn't work very well at all.  NT's packet filtering is really twitchy,
especially when dealing with those ports that are (nominally, at least)
involved in NT network services.

This gets even funnier with certain of the NT-based firewalls (MS Proxy
Server is NOT a firewall, by the way) that open more ports than they close.
It's always hysterical to hear a firewall vendor suggest that you need to
use OS-based packet filtering to close ports that can't be closed by their
firewall product.  :-)

The only reliable way to kill this port is by firewalling or router ACL's.

Jamie

--
Jamie C. Pole
Principal Consultant
J.C. Pole & Associates, Inc.

Purveyors of global commercial intelligence and counterintelligence services

PGP Fingerprint:  6F18 A0E2 DF95 B0F0 A954  A333 B3C4 663E 893A D6F2
--


----- Original Message -----
From: Anderson, Harry F.
To: PEN-TEST () SECURITYFOCUS COM
Sent: Thursday, October 12, 2000 1:46 PM
Subject: Re: [PEN-TEST] Closing Port 139


     How well does this work on just NT?  I have been told that the NT
packet filtering does not work consistantly with all ports.   I have wanted
to test it but there is just not enought time in the day.
  - Harry Anderson
Previous By Date Next
Previous By Thread Next

Current thread: