RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?
From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 06/24/05
Date: Fri, 24 Jun 2005 12:08:00 -0700
To: "Thor (Hammer of God)" <thor@hammerofgod.com>
I've spoken to quite a few folks that believe allowing NetBIOS across
your firewall is perfectly reasonable for file transfer functionality.
I clearly don't agree with this proposition, but because SSH/FTPS is
"unfamiliar", it's what they wanted.
Jim Harrison
Security Business Unit (ISA SE)
"When you come to a fork in the road, take it."
--Yogi Berra
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Friday, June 24, 2005 8:38 AM
To: Jesse Weigert; Nick Duda
Cc: focus-ms@securityfocus.com
Subject: Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?
"Net send" first tries a netbios connection to deliver the message, and will
then attempt delivery via UDP 135 (the endpoint mapper.)
There is no functional reason why a firewall should be allowing netbios/f&p
traffic or UDP135 into your network.
T
------
*Secure your infrastructure*
Microsoft Ninjitsu: Securely Deploying MS Technologies
security training delivered by Timothy Mullen.
Registration now open for Blackhat Vegas 2005:
http://www.blackhat.com/html/bh-usa-05/train-bh-usa-05-tm.html
----- Original Message -----
From: "Jesse Weigert" <weigert@gravitec.com>
To: "Nick Duda" <nduda@VistaPrint.com>
Cc: <kurt.buff@gmail.com>; <michael.mailinglist@securityfocus.com>; "at"
<gmail.com@securityfocus.com>; <focus-ms@securityfocus.com>
Sent: Thursday, June 23, 2005 8:33 PM
Subject: Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?
> I would like to add that there is malware which does just this. Which
> is why sometimes even blocking the service at the firewall doesn't stop
> the messenger spam.
>
> Nick Duda wrote:
> | FYI, It's very easy to write a short VB app that:
> |
> | A. doesn't record net sends to event viewer
> | B. can spoof the sending name of the computer (NetBIOS)
> |
> | - Nick