Re: [fw-wiz] Annoying pop-ups

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 10/28/02 

From: Mikael Olsson <mikael.olsson@clavister.com>
To: "Ames, Neil" <NAmes@anteon.com>
Date: Mon Oct 28 20:43:21 2002

"Ames, Neil" wrote:
>
> David,
> Port 139 (SMB, Command: SMBsends). "Internet Connection Firewall"
> will block it. You may have to spend some time with rules to get what you
> want through the firewall--and may give up and buy one that is easier to
> configure--but that's better than the situation that you appear to be in.

This is somewhat disconcerting.

You _REALLY_ should be blocking all of 135--139, TCP as well as UDP,
PLUS port 445, that got introduced in windows 2000.

Windows networking is a lot more than just port 139, folks.
Some of the not-so-clueful hackers haven't picked up on that yet,
but it's a safe bet that the clueful ones have.

And while you're on it:
PLUS port 5000 (UPnp .. eww) that windows XP brought us, including
     one publicly announced exploitable buffer overrun.

PLUS port 23 (Telnet!)
     Sure, it isn't on by default, but people found ways to abuse DCOM to
     turn it on remotely. Uh oh.
PLUS port 3389 (Terminal Services) just because of that remote assistance
     crap that his Billness decided that everyone and his grandma needs.
     (Neither on by default, but ...)
PLUS ... you get the picture. 

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com