Re: Hijack well-known ports
From: Duane Arnold (notme_at_notme.com)
Date: 04/02/04
- Next message: Lars M. Hansen: "Re: Firewall rules for AD and mapping network share"
- Previous message: Lars M. Hansen: "Re: What do I believe?"
- In reply to: Chris: "Hijack well-known ports"
- Next in thread: NeoSadist: "Re: Hijack well-known ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 02 Apr 2004 12:36:27 GMT
"Chris" <mclo@asia.com> wrote in message
news:2d44b924.0404020013.7d0bd030@posting.google.com...
> I have a LAN with personal firewall installed on all workstations.
> If the firewall rules for the worskstation are:
> 1. Allow all outgoing traffic
> 2. Allow incoming traffic if the remote port is 445
>
> Scneario:
> An intruder hacked workstation and hijacked port 445.
>
> Question:
> 1. Is the scenario possible? i.e. Is it possible to hijack port 445 or
> well-known ports (<1024)?
> 2. Will intruder allowed to access all workstation?
> 3. How should I modified the rules to increase security?
The Windows Networking ports are 137-138 TCP and 139/(445 NT only) UDP. You
should set rules to allow inbound and outbound traffic for all LAN IP(s) on
the ports. If this is a work place LAN and the machines are behind a FW
appliance solution, then why are you even bothering with this?
Secondly, if these are Win 2K or better machines that are not mobile
machines such as laptops that can be taken home, then why bother with a
personal FW solution period on the NT based O/S, since a average user of the
workstation wouldn't know what to do if the personal FW started asking
questions on application control due to some new program element being
introduced to the machine?
You can implement an IPsec solution on the LAN machines on the NT based O/S
that will work just as well as a third party personal host based FW solution
and one doesn't have to keep upgrading IPsec on the machine like is done
with a personal host based FW solution with new releases.
It's a simple task with the base template of AnalogX SecPol rules that can
be implemented on the NT based O/S for the LAN machines.
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm
On the XP based machines, one can just implement ICF and possibly IPsec and
forget about some complicated third party solution.
Duane :)
- Next message: Lars M. Hansen: "Re: Firewall rules for AD and mapping network share"
- Previous message: Lars M. Hansen: "Re: What do I believe?"
- In reply to: Chris: "Hijack well-known ports"
- Next in thread: NeoSadist: "Re: Hijack well-known ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
