Re: [fw-wiz] Windows networking specifics (Was: re: Annoying pop-ups)
From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 10/30/02
- Next message: Alex Ongena: "[fw-wiz] Dynamic execution of a script on arrival of a packet"
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Iptables script"
- In reply to: Luca Berra: "Re: [fw-wiz] Annoying pop-ups"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] Danger of telnet on w2k (Was: re: Annoying pop-ups)"
From: Mikael Olsson <mikael.olsson@clavister.com>
To: Luca Berra <bluca@comedia.it>
Date: Wed Oct 30 10:22:01 2002
Luca Berra wrote:
>
> Mikael Olsson wrote:
> > Neil Ames wrote:
> > > [block port 139]
> > This is somewhat disconcerting.
> > [block port 445 too]
>
> there has been a precise question "which port is used for windows
> messaging popup, how do i stop it?" and a precise answer "port 139,
> icf". so please calm down.
Here's an abject lesson in windows networking:

- Block port 139, tcp as well as udp
    Can connect to computer management interface
    Can connect to remote registry
    Can access all shares and printers
    "net send" works

- Block ports 136-445, tcp as well as udp.
    Can authenticate and connect to f.i. exchange servers and other
    RPC services that do not require port 139/445 for auth.
    "net send" still works

- Block ports 135-139, tcp as well as udp
    Can connect to computer management interface
    Can connect to remote registry
    Can access all shares and printers

> btw icf is not that bad for a product embedded in a microshaft os
> stateful, blocks everything by default, so probably Neil's
> suggestion also answers your concerns.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q314757&
Please study, in detail, the section that says "the ICF does not block
incoming broadcast or multicast traffic", and especially the bit that
explains how f.i. UPnP can be broadcast. [1]

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com

[1] Broadcasts can be directed across the Internet, too. This is why smurf amplification works.
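
The three block lists from the message above, run through a small coverage check that reports which Windows networking ports each one leaves unfiltered. This is an added example, not part of the original post; the port-to-service table and the rule syntax are assumptions of the example.

```python
# Added example: which Windows networking ports does a block list leave open?
# WINDOWS_PORTS and the "PORTS/proto,proto" rule syntax are assumptions of
# this example (well-known port assignments), not taken from the message.
WINDOWS_PORTS = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB direct hosting",
}
PROTOCOLS = ("tcp", "udp")


def parse_rule(rule):
    """Parse 'PORT' or 'LOW-HIGH', optionally followed by '/tcp', '/udp' or '/tcp,udp'."""
    ports, _, protos = rule.strip().partition("/")
    low_text, _, high_text = ports.partition("-")
    low = int(low_text)
    high = int(high_text) if high_text else low
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range in rule {rule!r}")
    # A rule without a protocol suffix is treated as blocking both protocols.
    proto_set = {p.strip().lower() for p in protos.split(",")} if protos else set(PROTOCOLS)
    if not proto_set <= set(PROTOCOLS):
        raise ValueError(f"unknown protocol in rule {rule!r}")
    return low, high, proto_set


def uncovered(rules):
    """Return the (port, proto) pairs in WINDOWS_PORTS that no rule blocks."""
    parsed = [parse_rule(r) for r in rules]
    return [
        (port, proto)
        for port in sorted(WINDOWS_PORTS)
        for proto in PROTOCOLS
        if not any(lo <= port <= hi and proto in ps for lo, hi, ps in parsed)
    ]


if __name__ == "__main__":
    # The three block lists from the message, plus one covering the whole range.
    for rules in (["139/tcp,udp"], ["136-445/tcp,udp"], ["135-139/tcp,udp"], ["135-445/tcp,udp"]):
        gaps = uncovered(rules)
        print(rules, "->", "no gaps" if not gaps else "")
        for port, proto in gaps:
            print(f"    {port}/{proto} not blocked ({WINDOWS_PORTS[port]})")
```

The check models unicast port filtering only; the broadcast and multicast exemption the message raises for ICF is outside what it covers.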