Open udp netbios ports.

David Mandala plug-discuss@lists.plug.phoenix.az.us
15 Mar 2003 10:20:46 -0700


See http://lwn.net/Articles/25578/ for a critical SAMBA bug. Can take
over the machine at the root level. Just released by the SAMBA team.

The SAMBA team recommends immediate upgrade to avoid security problems.

Cheers,

Davidm

On Sat, 2003-03-15 at 08:49, Entelin wrote:
> Well I dont want to give his name out :) Actually hes not completely a
> nutbar, apparently he is on security topics. He's actually very
> experienced with linux/unix, and has written a number of programs they
> use internaly. I think the issue is that hes a bit stuck in the past
> when it comes to his mentality on security topics. However he really did
> piss me off going behind my back like that he even said in his email to
> her to not to talk to me about this without talking to him first.
> 
> On Sat, 2003-03-15 at 04:02, technomage wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > who is this "nutbar" who thinks they are totoally secure? I'd like to know so 
> > that I can avoid meeting him unless I have reason to.
> > 
> > totally secure = power supply isolated, non-networked machine behind 2 layers 
> > of steel doors and lots of guards.
> > 
> > anything else is debatable.
> > 
> > Technomage
> > 
> > On Saturday 15 March 2003 03:17 am, Entelin wrote:
> > > I have a client I am trying to convince to install a firewall, (eather
> > > iptables or preferably cisco PIX). They have practicly every service
> > > under the sun open, the only reason their tcp netbios ports are closed
> > > is because cox filters them. The only reason I am having to convince
> > > them of anything is because they have another linux tech working for
> > > them and he is somehow convinced that they are completely secure "at the
> > > deamon level" wrote a big email to my client saying they dident need to
> > > install a firewall, or even close totaly unused ports on their box!
> > > (they even had echo and chargen open before I at least convinced them to
> > > close those ie: forged packet between echo and chargen = storm).
> > > nevermind the two root exploits their sendmail is at risk for. and the
> > > password sniffing of their login,telnet etc.. god..
> > >
> > > ANYWAY sorry for that rant. back on topic I was wondering if I could do
> > > anything with these udp ports in absence of the filtered tcp netbios
> > > ports. ? as in gain any kind of access or DoS.
> > >
> > > 137/udp    open        netbios-ns
> > > 138/udp    open        netbios-dgm
> > > 139/udp    open        netbios-ssn
> > >
> > > Thanks :)
> > >
> > > ---------------------------------------------------
> > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > > To subscribe, unsubscribe, or to change  you mail settings:
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > 
> > - -- 
> > I will not be pushed, filed, stamped, indexed, briefed, debriefed, or 
> > numbered!
> > My life is my own - No. 6
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.7 (GNU/Linux)
> > 
> > iD8DBQE+cwhOn/usgigAaLcRAs79AJ9Tty91a3ZorlD3pgKL9dBRRJSSzACeKW4U
> > 6v2lRe90Uh6uuJYQKty5ihg=
> > =hUiC
> > -----END PGP SIGNATURE-----
> > 
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change  you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-- 
David IS Mandala
gpg fingerprint 8932 E7EF CCF5 1B8C 1B5C A92E C678 795E 45B2 D952
Phoenix, AZ (480) 460-7545 HP, (602) 741-1363 CP
http://www.them.com/~davidm/