Re: Hackers accessing User list

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/10/02 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Tue, 10 Dec 2002 11:26:52 -0500

NetBEUI isn't routable. NetBIOS is.

"Roland Serman" <roland.serman@eds.com> wrote in message
news:091b01c2a052$76d5ca00$d3f82ecf@TK2MSFTNGXA10...
> You can't get NetBIOS trafic from the internet, NetBIOS
> isn't routable.
>
> >-----Original Message-----
> >
> >"Wayne" <wmannion@unm.edu> wrote in message
> >news:097901c29fd1$ea926880$8df82ecf@TK2MSFTNGXA02...
> >> Right now I am auditing logon and noticed hackers using
> >> names that are on my user listing. Names that are not
> >> easy to guess. How can they access the this list? And
> >> what can I use to prevent them access?
> >
> >Why aren't you using a firewall, and why do you think
> you're secure without
> >one? There are at least a dozen free firewalls out
> there from
> >www.sygate.com to Sentry firewall on a boot linux CD.
> Be sure to block
> >outbound traffic as well as inbound to prevent your
> password hashes from
> >leaking out your network.
> >
> >Also, I can tell you haven't followed the standard
> hardening checklists for
> >securing Windows. This IMHO is a security accident
> waiting to happen.
> >
> >Tools such as getacct from [I think]
> www.securityfriday.com can get a list
> >of login IDs and shares anonymously using netbios null
> sessions unless you
> >do one or all of the following: 1) use a correctly
> configured firewall,
> >and/or 2) set the RestrictAnonymous registry value in
> Windows 2000 to 2
> >[which is not possible to do on domain controllers],
> and/or 3) upgrade to
> >Windows XP which uses different settings for
> RestrictAnonymous.
> >
> >Windows networking tends to use null sessions to allow
> anonymous users to
> >connect to your computers before and during logon, but a
> lack of necessary
> >ACL permissions on certain objects / procedures permits
> these anonymous
> >users to enumerate login IDs and accounts, even with
> RestrictAnonymous = 1.
> >
> >I do agree with the other post... even if you close this
> null session hole,
> >hackers will still be able to attempt to log in as
> administrator, unless you
> >use a firewall to block Netbios traffic from the
> internet. Other things you
> >should also do to secure your systems:
> >
> >http://securityadmin.info/faq.htm#harden
> >http://securityadmin.info/faq.htm#firewall
> >
> >
> >
> >
> >.
> >

Relevant Pages

  • Re: Hackers accessing User list
    ... You can't get NetBIOS trafic from the internet, ... >> Right now I am auditing logon and noticed hackers using ... >www.sygate.com to Sentry firewall on a boot linux CD. ... >securing Windows. ...
    (microsoft.public.win2000.security)
  • RE: Patching a Firewall
    ... NetBIOS has been disabled, since the shares don't exist without NetBIOS. ... In my opinion the OS used for a firewall is not really a big deal, ... need to hack the registry to turn off the administrative shares. ... >>Captus Networks ...
    (Security-Basics)
  • Re: XP cant see 98 PCs on network
    ... I disabled the firewall and set netbios over IP and it see ... >>When exploring my network my XP machine can only see ... >Windows XP Internet Connection Firewall ...
    (microsoft.public.windowsxp.network_web)
  • Re: Hacking NETbios
    ... Well, for one thing, Netbios is a chatty protocol, so you can be advertising ... your presence and windows version on the internet. ... a firewall blocks a lot of other things. ... unix security, they always mention enabling IP filtering... ...
    (microsoft.public.win2000.security)
  • Re: grc.com news server down?
    ... etc.) were a real problem a few years ago. ... There's no doubt that implementing wide ranging and sound security ... He said there was no danger in leaving NetBIOS enabled, ... My ISP wouldn't allow a router, but they did permit a "firewall". ...
    (comp.security.firewalls)
Quantcast