Re: just simple facts

From: x y (jamescagney90210@yahoo.com)
Date: 05/05/02


From: "x y" <jamescagney90210@yahoo.com>
Date: Sun, 5 May 2002 13:09:05 -0400


Client for MS Networks should have nothing to do with caching DUN. Your ISP
is insane and sadly mistaken for saying there are no vulnerabilities in
allowing MS networking on the internet. NetBIOS is one of the most common
things hackers scan for and exploit. If you don't have a firewall, by
default you're vulnerable to all sorts of things such as: remote enumeration
of all your IDs and share names, brute force hacking of the admin password
as the admin account is usually set to never be locked out, and the hackers
can get your computer to send the password hash for your currently logged-in
user ID and use L0phtCrack to get your password from it. Very bad.

On the other hand, your ISP is probably not responsible for or competent at
troubleshooting the cached password problem, as it sounds like a Microsoft
Windows issue. That password is, I think, cached in the registry; perhaps
deleting the DUN icon and the registry setting [or wherever the password is
cached] might help. Failing that, getting help from the appropriate
newsgroup or by calling Microsoft might be the next step.

"V4" <dontmailme@overyonderblueyonder.co.uk> wrote in message
news:tp_A8.21784$Gc5.152789021@news-text.cableinet.net...
> I'm tired, I've been reading too much. I admit I'm a security novice but I
> am willing to learn. Unfortunately, after following some web-based
> recommendations I find someone else attacking me for my new found beliefs.
> So, I read some more [their advice] and that is 'trashed' by another
> know-it-all, and so it goes on.
>
> I'm very busy studying Windows 2000 Server [among other things] so I hate
> wasting my time.
> Simply, I want to know what enabling 'Client for Microsoft Networks'
> does/allow.
>
> It all stems from Win2K Server DUN 'deleting' the saved dialup password when
> encountering an ISP Authentication error - i.e. My ISP, for whatever reason
> may refuse my credentials (which are correct and have been successfully
> accepted previously) and the connection is refused. DUN will then redial
> but, as I have discovered, it now has no password to pass on (confirmed by
> opening DUN settings where the password had mysteriously disappeared) and
> will loop in this failed authentication/redial process until limits are
> reached or human interaction occurs.
>
> My ISP recommended I re-enabled 'Client for Microsoft Networks' to cure this
> fault, stating this process is required to "cache" my password. This caused
> me some concern as I'd just followed several security articles claiming
> Client for Microsoft Networks and File and Print Sharing are not required
> for Internet access and should be disabled/uninstalled.
>
> In my endeavour to question the wisdom of my ISP I was "told" by others that
> I was [insert derogatory phrases] and pointed to many links that were, IMO,
> personal attacks of GRC aka Steve Gibson. With patience, I read through
> article after article of how "although I generally agree and cannot fault
> his reasoning...but I cannot agree xxxxxx-statement is entirely true or
> proved..." and came up with nothing concrete. They really do generally
> agree. Most of this appears to stem from the Linux vs Windows gangs - I
> don't want to go there at all - I'm forced to use Windows and I'm stuck with
> it, end of.
>
> Please, I just want facts.
> What are the vulnerabilities of Client for Microsoft Networks [NOT File &
> Print Sharing]?
> How does it work?
> Is it required to remember DUN passwords?
> Why would an ISP 'recommend' it be installed for Internet access?
>
> All input welcome and thank you for reading [listening to] this.
>
>


