Penetration Testing mailing list archives

Re: [PEN-TEST] Closing Port 139


From: Frank Dimina <fdimina () RIPTECH COM>
Date: Fri, 13 Oct 2000 10:31:42 -0400

I think people are stating that the NT TCP filtering "gets funny" because
they are expecting a stateful type of filter. Remember, this is not a
firewall; it's a router style of blocking all packets on a port.

I have never experienced a problem or unexpected result with the NT TCP
packet filtering.

-----Original Message-----
From: Jamie C. Pole [mailto:jpole () JCPA COM]
Sent: Thursday, October 12, 2000 3:44 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Closing Port 139


It doesn't work very well at all.  NT's packet filtering is really twitchy,
especially when dealing with those ports that are (nominally, at least)
involved in NT network services.

This gets even funnier with certain of the NT-based firewalls (MS Proxy
Server is NOT a firewall, by the way) that open more ports than they close.
It's always hysterical to hear a firewall vendor suggest that you need to
use OS-based packet filtering to close ports that can't be closed by their
firewall product.  :-)

The only reliable way to kill this port is by firewalling or router ACLs.

Jamie

--
Jamie C. Pole
Principal Consultant
J.C. Pole & Associates, Inc.

Purveyors of global commercial intelligence and counterintelligence services

PGP Fingerprint:  6F18 A0E2 DF95 B0F0 A954  A333 B3C4 663E 893A D6F2
--


----- Original Message -----
From: Anderson, Harry F.
To: PEN-TEST () SECURITYFOCUS COM
Sent: Thursday, October 12, 2000 1:46 PM
Subject: Re: [PEN-TEST] Closing Port 139


How well does this work on just NT?  I have been told that the NT
packet filtering does not work consistently with all ports.  I have wanted
to test it but there is just not enough time in the day.
  - Harry Anderson

