Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Closing Port 139

From: "Deus, Attonbitus" <Thor () HammerofGod Com>
Date: Thu, 12 Oct 2000 15:25:18 -0700
RE: [PEN-TEST] Closing Port 139You won't get stateful inspection of packets
until ISA Server is out later this year...

NT's Advanced TCP/IP options will otherwise block any port not selected
under TCP/UDP.  You have to select the protocol as well.

To answer your other question, I have never experienced any odd behavior
when using the OS filtering, and have always had expected results when
testing against it.  It is also an easy way to help tighten up your
application servers.

---------------------------------------------------------
Attonbitus Deus
thor () hammerofgod com


----- Original Message -----
From: Frank Dimina
To: PEN-TEST () SECURITYFOCUS COM
Sent: Thursday, October 12, 2000 12:14 PM
Subject: Re: [PEN-TEST] Closing Port 139


Another question on this subject, is the NT TCP/IP filtering stateful or
does it just filter all packets on a port? (I am talking about the OS
filtering, not the proxy server feature)?


-----Original Message-----
From: Anderson, Harry F. [mailto:HFANDERS () OPM GOV]
Sent: Thursday, October 12, 2000 1:47 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Closing Port 139


     How well does this work on just NT?  I have been told that the NT
packet filtering does not work consistantly with all ports.   I have wanted
to test it but there is just not enought time in the day.
  - Harry Anderson
-----Original Message-----
From:   Ansar Mohammed [SMTP:amohammed () CARIB-LINK NET]
Sent:   Thursday, October 12, 2000 11:53 AM
To:     PEN-TEST () SECURITYFOCUS COM
Subject:        Re: [PEN-TEST] Closing Port 139
Both Microsoft Windows NT and Proxy Server provide packet filtering at the
NIC level.
It can be accessed from the Security Tab of the Proxy Server properties and
the network applet of control panel.

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Kasey Speakman
Sent: Thursday, October 12, 2000 9:54 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Closing Port 139


How do I close this port?  The situation is that we are using
an NT Server
machine with MS Proxy Server.  There are no shares on this
computer.  The
computer has 2 nics.  One goes to the LAN, and the other goes
to our router.
I have the internet nic unbound from the WINS on both the
server and the
workstation services, but the other card is bound to the WINS on both
services.  Auditing tools still show that the port is open,
even though it
won't give anyone any connections, but I don't want any
attention being
drawn to it by that port being open at all.  Help will be appreciated!

Thanks,

Kasey



-------------------------------
--  Even though this E-Mail has been scanned and found clean of
--  known viruses, OPM can not guarantee this message is virus free.
-------------------------------
--  This message was automatically generated.
-------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: