Open udp netbios ports.

Top Page
This message is part of the following thread:
M----\the complete thread tree sorted by date
M+-\.Mtechnomage at <-
MM\M\MEntelin at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Craig White
Date:  
Subject: Open udp netbios ports.
On Sat, 2003-03-15 at 03:17, Entelin wrote:
> I have a client I am trying to convince to install a firewall, (eather
> iptables or preferably cisco PIX). They have practicly every service
> under the sun open, the only reason their tcp netbios ports are closed
> is because cox filters them. The only reason I am having to convince
> them of anything is because they have another linux tech working for
> them and he is somehow convinced that they are completely secure "at the
> deamon level" wrote a big email to my client saying they dident need to
> install a firewall, or even close totaly unused ports on their box!
> (they even had echo and chargen open before I at least convinced them to
> close those ie: forged packet between echo and chargen = storm).
> nevermind the two root exploits their sendmail is at risk for. and the
> password sniffing of their login,telnet etc.. god..
>
> ANYWAY sorry for that rant. back on topic I was wondering if I could do
> anything with these udp ports in absence of the filtered tcp netbios
> ports. ? as in gain any kind of access or DoS.
> 
> 137/udp    open        netbios-ns              
> 138/udp    open        netbios-dgm             
> 139/udp    open        netbios-ssn

>
-----
You are not giving us enough info to make a suggestion that would be
anything but generic.

I can't assume that all of these machines have public ip addresses from
Cox.

I have found that it isn't meaningful to continue to implore the need
for security, sometimes, people/companies need to learn the lesson
first. If you want to dramatically show them what you are talking about,
write a report that includes:
- nmap OS fingerprint scan of some of these boxes as they appear from
the internet.
- nmap OS fingerprint scan of a thoroughly secured firewall and/or PIX
router.
- give them links to www.insecure.org/sploits.html and bugtraq
- a security audit is far more than scans for open ports. When you
mention echo & chargen, you aren't mentioning the state of
/etc/hosts.allow & /etc/hosts.deny, password policies, switches instead
of hubs, intrusion detection tools and on and on. The problem is that
when you bring up this stuff to someone that doesn't think that there is
a problem, you become the problem.
- leave the topic with a small amount of...if you fall out of the tree
and break your leg, don't come running to me attitude.

As for the Netbios ports...from where to where and how does network
access internet? As you said, Cox filters netbios ports (out of
necessity since otherwise, their bandwidth would be consumed by netbios
broadcasts/traffic).

ps...I hope that you spell check your emails to your client, here you
don't need to but to them, you apparently do and Cisco PIX is probably a
bit of overkill unless VOIP is slated to happen. Cisco has cheaper
routers/firewalls.

Craig


This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Open udp netbios ports.Off-Shore Engineering->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)