RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?
From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 06/24/05
- Previous message: Jim Harrison (ISA): "RE: ISA 2004 FTP SSL"
- Maybe in reply to: Nick Duda: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Next in thread: David LeBlanc: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Reply: David LeBlanc: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 Jun 2005 13:27:55 -0700 To: "Kern, Tom" <tkern@CHARMER.COM>, "Thor (Hammer of God)" <thor@hammerofgod.com>
Correct, but not all systems use SMB (W9x, for instance).
It's almost always a layer-8 issue when someone wants / needs this sort
of path opened.
Jim Harrison
Security Business Unit (ISA SE)
"When you come to a fork in the road, take it."
--Yogi Berra
-----Original Message-----
From: Kern, Tom [mailto:tkern@CHARMER.COM]
Sent: Friday, June 24, 2005 1:20 PM
To: Jim Harrison (ISA); Thor (Hammer of God)
Cc: focus-ms@securityfocus.com
Subject: RE: Using Messenger Service for 'Net Send' Functionality ---
Dangerous?Why?
why do you need netbios for file transfer?
smb/cifs operates over tcp/ip on port 445(which i would NEVER open to
the outside world), it doesn't need netbios. For name resolution use an
ip or a fqdn.
Jim Harrison (ISA) wrote:
> I've spoken to quite a few folks that believe allowing NetBIOS across
> your firewall is perfectly reasonable for file transfer functionality.
> I clearly don't agree with this proposition, but because SSH/FTPS is
> "unfamiliar", it's what they wanted.
>
> Jim Harrison
> Security Business Unit (ISA SE)
> "When you come to a fork in the road, take it."
> --Yogi Berra
>
>
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
> Sent: Friday, June 24, 2005 8:38 AM
> To: Jesse Weigert; Nick Duda
> Cc: focus-ms@securityfocus.com
> Subject: Re: Using Messenger Service for 'Net Send' Functionality ---
> Dangerous?Why?
>
> "Net send" first tries a netbios connection to deliver the message,
> and will
> then attempt delivery via UDP 135 (the endpoint mapper.)
>
> There is no functional reason why a firewall should be allowing
> netbios/f&p
> traffic or UDP135 into your network.
>
> T
>
> ------
> *Secure your infrastructure*
> Microsoft Ninjitsu: Securely Deploying MS Technologies
> security training delivered by Timothy Mullen.
> Registration now open for Blackhat Vegas 2005:
> http://www.blackhat.com/html/bh-usa-05/train-bh-usa-05-tm.html
>
>
>
>
>
>
>
>
> ----- Original Message -----
> From: "Jesse Weigert" <weigert@gravitec.com>
> To: "Nick Duda" <nduda@VistaPrint.com>
> Cc: <kurt.buff@gmail.com>; <michael.mailinglist@securityfocus.com>;
> "at"
>
> <gmail.com@securityfocus.com>; <focus-ms@securityfocus.com>
> Sent: Thursday, June 23, 2005 8:33 PM
> Subject: Re: Using Messenger Service for 'Net Send' Functionality ---
> Dangerous?Why?
>
>
>> I would like to add that there is malware which does just this.
>> Which is why sometimes even blocking the service at the firewall
>> doesn't stop the messenger spam.
>>
>> Nick Duda wrote:
>>> FYI, It's very easy to write a short VB app that:
>>>
>>> A. doesn't record net sends to event viewer
>>> B. can spoof the sending name of the computer (NetBIOS)
>>>
>>> - Nick
>
>
>
------------------------------------------------------------------------
> ---
>
------------------------------------------------------------------------
> ---
>
>
>
------------------------------------------------------------------------
--- > ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Jim Harrison (ISA): "RE: ISA 2004 FTP SSL"
- Maybe in reply to: Nick Duda: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Next in thread: David LeBlanc: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Reply: David LeBlanc: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
