Re: XP-SP2 "Feature"

From: Thor (thor_at_hammerofgod.com)
Date: 09/03/04

    To: "Jordan Wiseman" <Jordan_Wiseman@Valleymed.org>, <focus-ms@securityfocus.com>, "Eric" <ews@tellurian.com>
    Date: Thu, 2 Sep 2004 17:44:14 -0700
    
    

    The CIFS implementation of SMB in Win2k supports many extended protocols,
    one of which is DFS. Part of the referral process when getting DFS
    configuration information includes verification of DC connectivity via ICMP.
    Similar startup/logon processes that use CIFS validate DC connectivity using
    ICMP as well.

    That's why the firewall config allows ICMP when FS over 445 is bound to the
    interface.

    T

    ----- Original Message -----
    From: "Eric" <ews@tellurian.com>
    To: "Jordan Wiseman" <Jordan_Wiseman@Valleymed.org>;
    <focus-ms@securityfocus.com>
    Sent: Thursday, September 02, 2004 1:00 PM
    Subject: Re: XP-SP2 "Feature"

    > Yes, I noticed this too. I'm gathering MS did this because some of their
    > apps that use 445 also use ICMP. I find it very frustrating that MS
    > didn't give an option to disable this.
    >
    > You can, however, work around this for many circumstances. Instead of
    > using 445, use 139. If opening 139 only, ICMP is not force-enabled. 139
    > will do almost all of what 445 does - you can do all your file and print
    > sharing, systems management, etc. over 139, keeping 445 and ICMP closed.
    >

    ---------------------------------------------------------------------------