Re: Win2k Telnet.exe malicious server vulnerability

[J Edgar Hoover <zorch () RIGHTEOUS NET>]

On Fri, 15 Sep 2000, Bronek Kozicki wrote:

> From: "Ryagin Mihail Yurevitch" <ryagin () EXTRIM RU>
>
> > The problem is far more general then within single poor configuration
> defaults in telnet.exe.
> > The main problem is that Windows automatically supply user credentials in
> many situations without ever asking for his opinion.
>
> That's why, exactly, you do not pass NetBIOS through your firewall -
> incoming as well as _outgoing_ traffic.

Ahh, but it doesn't stop there...

w2k with ie also likes to exchange kerberos keys with foreign web
servers.

I noticed this whlle trying to disable the "autosearch" spyware
in ie. If you type a URL that fails lookup, ie does a search at
auto.search.msn.com.. Yes, ie has a button to 'disable' this, but when I
tried that, it was still sending data to msn. The only fix I've found was
to wall off *.search.msn.com.

While you are at it, wall off LDAP too... or just play it safe and not let
any traffic on ports <1024 in or out of the windows network.