Penetration Testing mailing list archives
Re: [PEN-TEST] Closing Port 139
From: "Deus, Attonbitus" <Thor () HammerofGod Com>
Date: Thu, 12 Oct 2000 15:25:18 -0700
RE: [PEN-TEST] Closing Port 139You won't get stateful inspection of packets until ISA Server is out later this year... NT's Advanced TCP/IP options will otherwise block any port not selected under TCP/UDP. You have to select the protocol as well. To answer your other question, I have never experienced any odd behavior when using the OS filtering, and have always had expected results when testing against it. It is also an easy way to help tighten up your application servers. --------------------------------------------------------- Attonbitus Deus thor () hammerofgod com ----- Original Message ----- From: Frank Dimina To: PEN-TEST () SECURITYFOCUS COM Sent: Thursday, October 12, 2000 12:14 PM Subject: Re: [PEN-TEST] Closing Port 139 Another question on this subject, is the NT TCP/IP filtering stateful or does it just filter all packets on a port? (I am talking about the OS filtering, not the proxy server feature)? -----Original Message----- From: Anderson, Harry F. [mailto:HFANDERS () OPM GOV] Sent: Thursday, October 12, 2000 1:47 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Closing Port 139 How well does this work on just NT? I have been told that the NT packet filtering does not work consistantly with all ports. I have wanted to test it but there is just not enought time in the day. - Harry Anderson -----Original Message----- From: Ansar Mohammed [SMTP:amohammed () CARIB-LINK NET] Sent: Thursday, October 12, 2000 11:53 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Closing Port 139 Both Microsoft Windows NT and Proxy Server provide packet filtering at the NIC level. It can be accessed from the Security Tab of the Proxy Server properties and the network applet of control panel.
-----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Kasey Speakman Sent: Thursday, October 12, 2000 9:54 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Closing Port 139 How do I close this port? The situation is that we are using an NT Server machine with MS Proxy Server. There are no shares on this computer. The computer has 2 nics. One goes to the LAN, and the other goes to our router. I have the internet nic unbound from the WINS on both the server and the workstation services, but the other card is bound to the WINS on both services. Auditing tools still show that the port is open, even though it won't give anyone any connections, but I don't want any attention being drawn to it by that port being open at all. Help will be appreciated! Thanks, Kasey
------------------------------- -- Even though this E-Mail has been scanned and found clean of -- known viruses, OPM can not guarantee this message is virus free. ------------------------------- -- This message was automatically generated. -------------------------------
Current thread:
- Re: [PEN-TEST] Closing Port 139, (continued)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Costa, Andrew (Oct 12)
- [PEN-TEST] Closing Port 139 Kasey Speakman (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Ansar Mohammed (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 12)
- Re: [PEN-TEST] Closing Port 139 SMILER (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Marc Maiffret (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Tim Crothers (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Walling, Ken (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Frank Dimina (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Frank Dimina (Oct 13)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 13)
- Re: [PEN-TEST] Closing Port 139 Erik Birkholz (Oct 14)
- Re: [PEN-TEST] Closing Port 139 David Pick (Oct 14)