Re: user list

From: Steven L Umbach (n9rouz_at_nscomcast.net)
Date: 11/21/03 

Date: Fri, 21 Nov 2003 04:36:50 GMT

I want to add, that if for some reason a firewall is not an option right now you can
look at using ipsec filtering as a temporary measure. See link below for more
details. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;304868

"Steven Umbach" <n9zrou@nscomcast.com> wrote in message
news:Togvb.201314$ao4.714306@attbi_s51...
> I have never tried disabling netbios over tcp/ip that way. Their reference to
> disabling netbios over tcp/ip in wins is correct - you also need to disable file
> and print sharing on that nic to stop smb over port 445 as they state. I just
> wanted to make sure that you did not disable the tcp/ip netbios helper service
> as it will cause problems like dns malfunctioning. I don't know much about
> Exchange, which may be complicating your ability to harden the server. You may
> want to post those issues at an Exchange newsgroup. I think your best bet is to
> use a firewall that blocks all inbound ports by default, and then you open only
> those ports needed for access. --- Steve
>
> "gazebo" <anonymous@discussions.microsoft.com> wrote in message
> news:003701c3afdf$ed141530$a001280a@phx.gbl...
> > thanks Steve,
> >
> > I follow the doc provided by MS.
> > http://msdn.microsoft.com/library/default.asp?
> > url=/library/en-us/dnnetsec/html/THCMCh16.asp
> > In step 4, To disable NetBIOS over TCP/IP
> >
> > According to that, disabling at the WINS tap is not
> > sufficient.
> >
> > Gazebo
> >
> > >-----Original Message-----
> > >Where did you disable nebios over tcp/ip? - do not
> > disable the tcp/ip
> > >netbios helper service as problems will occurr. Nebios
> > should be disabled in
> > >network adapter properties\/tcp/ip\advanced\wins. Did
> > you try just
> > >disabling file and print sharing? --- Steve
> > >
> > >"gazebo" <anonymous@discussions.microsoft.com> wrote in
> > message
> > >news:0b7501c3af49$f4f360d0$a101280a@phx.gbl...
> > >> I tried to disable netbios over TCPIP on DNS and
> > exchange
> > >> server. It turned out that DNS cannot be started. And
> > >> exchange server reported some services not started as
> > well.
> > >>
> > >> Is it the case?
> > >>
> > >> >-----Original Message-----
> > >> >You do not need them for dns or IIS/FTP. --- Steve
> > >> >
> > >> >"gazebo" <anonymous@discussions.microsoft.com> wrote in
> > >> message
> > >> >news:063901c3ae60$080ae110$a101280a@phx.gbl...
> > >> >> But do I need those services for property operations?
> > >> such
> > >> >> as IIS, DNS, FTP
> > >> >>
> > >> >> Gazebo
> > >> >> >-----Original Message-----
> > >> >> >Easily done via a null session if you have file and
> > >> print
> > >> >> sharing enabled on
> > >> >> >your network adapter connected to the internet and
> > you
> > >> do
> > >> >> not have a
> > >> >> >firewall or it is improperly configured. Go to
> > >> >> http://scan.sygatetech.com/
> > >> >> >for a basic vulnerability scan and see if sirens go
> > off
> > >> >> about netbios ports
> > >> >> >being open to the world. There are free personal
> > >> >> firewalls available for
> > >> >> >personal use. A firewall is only one component in
> > >> >> securing a network
> > >> >> >however. --- Steve
> > >> >> >
> > >> >>
> > >>
> > >http://www.webattack.com/Freeware/security/fwfirewall.shtm
> > >> >> l
> > >> >> >http://www.microsoft.com/security/protect/
> > >> >> >http://securityadmin.info/faq.asp#harden --- From
> > the
> > >> >> FAQ.
> > >> >> >
> > >> >> >"gazebo" <anonymous@discussions.microsoft.com>
> > wrote in
> > >> >> message
> > >> >> >news:04fb01c3adc1$bfe8bc20$a601280a@phx.gbl...
> > >> >> >> Is it possible that some external parties retrieve
> > >> the
> > >> >> >> user list through the internet? If so, how to
> > avoid
> > >> it?
> > >> >> >>
> > >> >> >> It seems that my server's user list has been
> > >> retrieved
> > >> >> by
> > >> >> >> some unknown parties and every night there are
> > >> repeated
> > >> >> >> logon attempts every few secs using the local user
> > >> >> lists.
> > >> >> >> (failed so far)
> > >> >> >>
> > >> >> >>
> > >> >> >
> > >> >> >
> > >> >> >.
> > >> >> >
> > >> >
> > >> >
> > >> >.
> > >> >
> > >
> > >
> > >.
> > >
>
>

Relevant Pages

  • Re: How to allow client to disable firewall on XP/sp2 machine
    ... secondary sessions across a wide range of ports. ... If the laptop is on the LAN with ISA, you be able to configure ... firewall exceptions both on the client but more preferably on the ISA server. ... completely disabling it, it'll be a fair amount of work to allow disabling ...
    (microsoft.public.windows.server.sbs)
  • RE: Active Sync OMA http/1.1 500 error
    ... > Microsoft CSS Online Newsgroup Support ... > This newsgroup only focuses on SBS technical issues. ... > |> Please make sure Server ActiveSync is enabled globally in your Exchange ... > | But by disabling it my OWA stopped to work. ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to Receive Email from the internet
    ... Are you running this on Longhorn server? ... Test from outside your firewall: ... Exchange Server 2007: internet email without Edge ... looking at the firewall inbound rules on my LHS. ...
    (microsoft.public.exchange.setup)
  • Re: Exchange server behind firewall cant send outgoing
    ... > I am having some problems with a firewall, and specifically the Exchange ... > non-local users email to the Exchange server. ... Depending on the DNS servers of your ISP. ...
    (comp.security.firewalls)
  • RE: Exchange 2003
    ... This behavior seems plausible if there's a stateful firewall in the ... the case, then clearly, you won't get anything back from an nbtstat, ... does it allow it after there's a connection?". ... without exchange 2003 on it. ...
    (Pen-Test)