Re: change smb port on win2kpro

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 05/21/03


Date: Wed, 21 May 2003 00:41:30 -0400


Unless I've misunderstood, I still think my answer would be the same...
either IPsec VPN or SSH. I would think there should be no need for an
intermediate machine to do any of these. I believe SSH can also be set up
to redirect to a different port number.

I have no idea whether this would work with SMB, but some protocols can be
redirected to other ports either by using something like netcat or maybe
even by editing the /etc/services file. Even if one of these methods did
work for SMB, it wouldn't be as good as using one of the methods above which
provide encryption.

You probably already know this, but still I feel obligated to mention that
it would be a less than perfect firewall that just blocks the SMB ports
while leaving all the other 130,000 TCP and UDP ports open. Best is to
close all but leave some open. I recognize that you may not have access to
reconfigure the firewall.

"falcon" <falconqc@hotmail.com> wrote in message
news:06cc01c31f4d$a953f360$a601280a@phx.gbl...
> ok, I'll just clarify this a little just in case it helps
> you help me a bit better =D
>
> to start off, I do not have access to the firewall, and I
> totally agree with the restrictions currently put in place
> by it.
>
> second, I'm trying to "mount" files between a linux machine
> and a windows machine. The windows machine would be
> the "server" as I would mount the shares using smbmount on
> the linux machine to have a simili VPN running between the
> two boxes, enabling me to do transfers w/o using an ftp.
>
> finally, SSH ports on the firewall are open, as I can log
> on to the linux machine using PuTTY on my windows machine.
>
> Ideally, I would like to set this up without an
> intermediate machine acting as a tunnel, but rather have
> smb broadcasted on a different port, or if ssh can still
> be used to tunnel in the manner you described, that might
> be even better.
>
>
> >-----Original Message-----
> >There's a reason for that - SMB isn't secure and shouldn't be done across
> >the internet [especially when you're interacting with older SMB
> >implementations like Samba]. Some recommendations instead would be to use
> >some sort of encrypted protocol instead of or in addition to SMB, such as
> >SSH [see www.networksimplicity.com ] or IPSec VPN either to the server or to
> >the firewall or VPN server. The link below suggests ways you might tunnel
> >SMB through SSH:
> >
> >http://www.google.com/search?hl=en&ie=ISO-8859-1&q=ssh+samba+OR+smb+tunnel
> >
> >Note that doing either of these may still require modifying the firewall
> >rules, depending on what ports are open.
> >
> >If you really wanted to, you could look into modifying the firewall rules to
> >let SMB through just from your IP address, but this wouldn't be encrypting
> >your traffic, so isn't really recommended... also, if you have a dynamic /
> >changing IP address, this might be tricky. If you still wanted to do this,
> >see here:
> >
> >http://securityadmin.info/faq.htm#6.10
> >
> >
> >"falcon" <falconqc@hotmail.com> wrote in message
> >news:0ad401c31f03$1cefdaf0$a001280a@phx.gbl...
> >> I'm trying to change the smb ports of my machine without
> >> adding another machine to tunnel the ports.
> >>
> >> I'm trying to mount my home network shares on a linux
> >> machine using smbmount, only problem is that the
> >> internet connection of the linux server is protected by a
> >> firewall that blocks all outbound and inbound traffic on
> >> ports 135-139 and 445, disabling my ability to set an
> >> external smb connection.
> >
> >
> >.
> >
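
The point made in the reply above, that a netcat-style redirect to another port does not provide encryption the way IPsec or SSH does, shown as an added example that is not part of the original post. The loopback relay, the stand-in file server and the sample payload are all constructed for illustration; no real SMB traffic is involved.

```python
import socket
import threading

def listener():
    """Listening socket on an ephemeral loopback port (stands in for the moved port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def pump(src, dst, log):
    """Copy src -> dst until EOF, recording every byte that passes through."""
    while data := src.recv(4096):
        log.append(data)
        dst.sendall(data)
    dst.shutdown(socket.SHUT_WR)

def relay_once(listen_sock, target, seen):
    """netcat-style redirect of one connection; bytes are forwarded unmodified."""
    client, _ = listen_sock.accept()
    upstream = socket.create_connection(target)
    with client, upstream:
        back = threading.Thread(target=pump, args=(upstream, client, seen["to_client"]))
        back.start()
        pump(client, upstream, seen["to_server"])
        back.join()

def file_server_once(listen_sock):
    """Constructed stand-in for the file server: replies with the request upper-cased."""
    conn, _ = listen_sock.accept()
    with conn:
        while data := conn.recv(4096):
            conn.sendall(data.upper())

def observe_redirected_session(payload):
    """Send payload through the relay; return (reply, bytes seen on the wire at the relay)."""
    with listener() as server, listener() as relay:
        seen = {"to_server": [], "to_client": []}
        workers = [threading.Thread(target=file_server_once, args=(server,)),
                   threading.Thread(target=relay_once, args=(relay, server.getsockname(), seen))]
        for w in workers:
            w.start()
        with socket.create_connection(relay.getsockname()) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            reply = b"".join(iter(lambda: c.recv(4096), b""))
        for w in workers:
            w.join()
        return reply, b"".join(seen["to_server"])
```

The bytes recorded at the relay are identical to what the client sent: the session works on the new port, and anything on the path reads it as-is.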


