[Gllug] Port 445 on Windows 2000

Gordon Joly gordon.joly at pobox.com
Thu Aug 30 22:13:00 UTC 2001


Date:         Thu, 30 Aug 2001 12:45:42 +0100
Reply-To: Andrew Cormack <Andrew.Cormack at UKERNA.AC.UK>
Sender: Super list for computer security for JANET sites <UK-SECURITY-ALL at JISCMAIL.AC.UK>
From: Andrew Cormack <Andrew.Cormack at UKERNA.AC.UK>
Subject:      Port 445 on Windows 2000
To: UK-SECURITY-ALL at JISCMAIL.AC.UK

-----BEGIN PGP SIGNED MESSAGE-----

A press report of a successful attack on Microsoft's own network has
prompted me to send out a reminder about port 445 (CIFS) which is used
by Windows 2000.

Previous versions of Windows networking have used ports 135-139 to do
file sharing, printing, authentication etc. These protocols can leak a
lot of information even if properly set up, and if badly set up (for
example by users who see no problem in sharing their disks with the
world) then they can be a very easy route for intruders to break in. We
therefore strongly recommend that these ports be blocked at your site
router to prevent this kind of attack.

Windows 2000 has introduced the CIFS port, 445, which passes essentially
the same protocols, and therefore has the same risks. Since there has
now been one high-profile attack using this protocol it is safe to
assume that other intruders will be trying to use the same route. We are
therefore repeating the advice that you not permit traffic to or from
ports 135-139 and 445, TCP and UDP in or out of your site LAN.

More information about blocking access can be found at
http://www.ja.net/CERT/JANET-CERT/prevention/cisco/local_services.html#lan
The news article is at http://www.newsbytes.com/news/01/169408.html

Andrew
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

-----END PGP SIGNATURE-----

--------------------------------------------------------------
Andrew Cormack
Head of CERT
UKERNA, Atlas Centre, Chilton, Didcot, Oxon. OX11 0QS

Phone:  01235 822 302    E-mail: Andrew.Cormack at ukerna.ac.uk
Fax:    01235 822 398



-- 
Gordon Joly//////////
gordon.joly at pobox.com
http://pobox.com/~or/

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
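
The advisory's point, as an added example that is not part of the original message: a short Python check that reads a router ACL and lists which of the advised ports (135-139 and 445, TCP and UDP) it would still let through. It assumes a simplified subset of Cisco extended ACL syntax (any/any addresses, destination-port match only); the ACL number 101 and the sample rules are constructed for illustration.

```python
import re

# Ports named in the advisory: 135-139 and 445, both TCP and UDP.
ADVISORY = [(pr, po) for pr in ("tcp", "udp") for po in (*range(135, 140), 445)]

RULE = re.compile(
    r"access-list\s+\d+\s+(deny|permit)\s+(tcp|udp|ip)\s+any\s+any"
    r"(?:\s+eq\s+(\d+)|\s+range\s+(\d+)\s+(\d+))?\s*$")

def parse(acl_text):
    """Return [(action, proto, low, high)] for the simplified rule subset."""
    rules = []
    for line in acl_text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line}")
        action, proto, eq, lo, hi = m.groups()
        # No port qualifier means the rule covers every port.
        low, high = (eq or lo or 0), (eq or hi or 65535)
        rules.append((action, proto, int(low), int(high)))
    return rules

def verdict(rules, proto, port):
    """First matching rule wins; an ACL ends with an implicit deny."""
    for action, rproto, low, high in rules:
        if rproto in (proto, "ip") and low <= port <= high:
            return action
    return "deny"

def exposed(acl_text):
    """Advisory (proto, port) pairs that the ACL would still permit."""
    rules = parse(acl_text)
    return [(p, n) for p, n in ADVISORY if verdict(rules, p, n) == "permit"]

# Constructed sample: an older ACL written before port 445 was in use.
OLD_ACL = """
access-list 101 deny tcp any any range 135 139
access-list 101 deny udp any any range 135 139
access-list 101 permit ip any any
"""
# Constructed sample: the same ACL with the 445 denies placed first.
FIXED_ACL = ("access-list 101 deny tcp any any eq 445\n"
             "access-list 101 deny udp any any eq 445\n" + OLD_ACL)

if __name__ == "__main__":
    print("old:", exposed(OLD_ACL), "fixed:", exposed(FIXED_ACL))
```

Because the first matching rule decides, a deny for 445 placed after a broader permit has no effect, so the check is run over the rules in the order the router evaluates them.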
