RE: SUMMARY: SMB overflow attacks

From: Peter Gutmann (pgut001@cs.auckland.ac.nz)
Date: 08/30/02 

Date: Fri, 30 Aug 2002 17:25:09 +1200 (NZST)
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: jasonc@science.org, vuln-dev@security-focus.com

"Jason Coombs" <jasonc@science.org> writes:

>UPDATE: I double-checked and in fact was able to stop port 445 from binding
>at all under Windows 2000 using the following Registry key:
>
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
>
>under this key remove the default value "\Device\" from the TransportBindName
>REG_SZ value. upon reboot, port 445 is gone completely, both TCP and UDP.

Wonderful! One minor comment on this, removing the entire TransportBindName
has the same effect and can be done automatically with a regdel
(http://www.flos-freeware.ch/regdel.html) script at boot time. This is
somewhat safer than a one-off edit of a value entry, since these sorts of
things have a nasty self-healing capability which occurs when applying service
packs or making changes to network configs.

Peter.

Relevant Pages

  • Re: reg.exe script error
    ... > list of installed Hotfixes, ... > Windows XP Shell/User ... >>>> I get the following message whether or not the registry key is ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Really persistent BITS belly up
    ... You are a Windows God! ... Your fix worked. ... uninstall deleted that Registry key. ... > torgeir, Microsoft MVP Scripting, Porsgrunn Norway ...
    (microsoft.public.windowsupdate)
  • Re: DVD drive not reading sometimes after SP3
    ... Boot to Safe Mode and log on as the default "Administrator" account. ... Click the registry key for the user that is currently logged on and ensure that Read and Full Control are both set to Allow. ... There are no issues in device manager, I double checked for windows updates ... and there are none since reloading the computer 2 weeks ago, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Common message store - 2 operating systems - long
    ... Set up OE on one partition the way you want it. ... Boot to another OS. ... Open regedit and delete the Identities registry key and the Internet ... I have done this successfully while I had Windows ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: problem opening excel-word-access (office files in general ) double clicking in Windows
    ... I understand that you have disconnect to the network to test the issue. ... under Windows Safe mode, ... Repeat the step 2-4 for the following registry key. ... problem opening excel-word-access (office files in general) ...
    (microsoft.public.office.setup)