Re: just simple facts
From: V4 (dontmailme@overyonderblueyonder.co.uk)
Date: 05/05/02
- Next message: Ralph Malone: "modifying group "user" rights"
- Previous message: V4: "Re: just simple facts"
- In reply to: x y: "Re: just simple facts"
- Next in thread: Soro: "Re: just simple facts"
- Reply: Soro: "Re: just simple facts"
- Reply: x y: "Re: just simple facts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "V4" <dontmailme@overyonderblueyonder.co.uk> Date: Sun, 05 May 2002 17:39:18 GMT
Hi xy,
I can only find an article relating to NT4 where Client is required to save
(maybe cache was a poor choice) the passwrod and I believe my ISP thinks
this works on Win2K as well. Losing the password is not an issue so much as
is the resulting and conflicting advice which really confuses me. All day
long I get blocked port UDP 137's from different IP's and wonder if I'm
inadvertantly advertising anything. I don't know if I should allow
broadcasts out to the internet, my server was just blocked from sending 124
IGMP type17's whatever that's all about. Oh my head hurts...
I've run web-based tests without my firewall running and discovered what you
say is true about Client opening up ID's and share names though I've been
called foolish for believing it is a "real threat".
I'm trying to configure Zonealarm but as I practice more Win2K Server
services I need to what to allow and more importantly, what exactly it is
I'm allowing! Being told port 139 is open tells me jack in reality. Being
told it's an epmap or whatever, doesn't help either :(
Where can I find simple facts - grc recommend one thing and grcsucks.com
refute it and most stuff I read doesn't even relate to Win2K as the network
configurations are different as well as the implications of
enabling/disabling components. I found one MS document that states disabling
Client doesn't disable File and Print sharing and then I discover Client
can't be removed from a dialup adapter only, it gets removed from my LAN
adapter also...
It seems trying to solve one problem invites 10x more :(
Thanks
"x y" <jamescagney90210@yahoo.com> wrote in message
news:eVwZieF9BHA.2128@tkmsftngp04...
> Client for MS Networks should have nothing to do with caching DUN. Your
ISP
> is insane and sadly mistaken for saying there are no vulnerabilities in
> allowing MS networking on the internet. Netbios is one of the most common
> things hackers scan for and exploit. If you don't have a firewall, by
> default you're vulnerable to all sorts of things such as: remote
enumeration
> of all your IDs and share names, brute force hacking of the admin password
> as the admin account is usually set to never be locked out, and the
hackers
> can get your computer to send the password hash for your currently logged
in
> user ID and use L0phtcrack to get your password from it. Very bad.
>
> On the other hand, your ISP is probably not responsible for or competent
at
> troubleshooting the cached password problem, as it sounds like a Microsoft
> Windows issue. That password is I think cached in the registry, perhaps
> deleting the DUN icon and the registry setting [or wherever the password
is
> cached] might help. Failing that, getting help from the appropriate
> newsgroup or by calling Microsoft might be the next step.
>
> "V4" <dontmailme@overyonderblueyonder.co.uk> wrote in message
> news:tp_A8.21784$Gc5.152789021@news-text.cableinet.net...
> > I'm tired, I've been reading too much. I admit I'm a security novice but
I
> > am willing to learn. Unfortunately, after following some web-based
> > recommendations I find someone else attacking me for my new found
beliefs.
> > So, I read some more [their adivce] and that is 'trashed' by another
> > know-it-all, and so it goes on.
> >
> > I'm very busy studying Windows 2000 Server [among other things] so I
hate
> > wasting my time.
> > Simply, I want to know what enabling 'Client for Microsoft Networks'
> > does/allow.
> >
> > It all stems from Win2K Server DUN 'deleting' the saved dialup password
> when
> > encountering an ISP Authentication error - i.e. My ISP, for whatever
> reason
> > may refuse my credentials (which are correct and have been successfully
> > accepted previously) and the connection is refused. DUN will then redial
> > but, as I have discovered, it now has no password to pass on (confirmed
by
> > opening DUN settings where the password had mysteriously disappeared)
and
> > will loop in this failed authentication/redial process until limits are
> > reached or human interaction occurs.
> >
> > My ISP recommended I re-enabled 'Client for Microsoft Networks' to cure
> this
> > fault, stating this process is required to "cache" my password. This
> caused
> > me some concern as I'd just followed several security articles claiming
> > Client for Microsoft Networks and File and Print Sharing are not
required
> > for Internet access and should be disabled/uninstalled.
> >
> > In my endeavour to question the wisdom of my ISP I was "told" by others
> that
> > I was [insert derogatory phrases] and pointed to many links that were,
> IMO,
> > personal attacks of GRC aka Steve Gibson. With patience, I read through
> > article after article of how "although I generally agree and cannot
fault
> > his reasoning...but I cannot agree xxxxxx-statement is entirely true or
> > proved..." and came up with nothing concrete. They really do generally
> > agree. Most of this appears to stem from the Linux vs Windows gangs - I
> > don't want to go there at all - I'm forced to use Windows and I'm stuck
> with
> > it, end of.
> >
> > Please, I just want facts.
> > What are the vulnerabilities of Client for Microsoft Networks [NOT File
&
> > Print Sharing]?
> > How does it work?
> > Is it required to remember DUN passwords?
> > Why would an ISP 'recommend' it be installed for Internet access?
> >
> > All input welcome and thank you for reading [listening to] this.
> >
> >
>
>
- Next message: Ralph Malone: "modifying group "user" rights"
- Previous message: V4: "Re: just simple facts"
- In reply to: x y: "Re: just simple facts"
- Next in thread: Soro: "Re: just simple facts"
- Reply: Soro: "Re: just simple facts"
- Reply: x y: "Re: just simple facts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
