Penetration Testing mailing list archives
Re: [PEN-TEST] Closing Port 139
From: Frank Dimina <fdimina () RIPTECH COM>
Date: Fri, 13 Oct 2000 10:31:42 -0400
I think people are stating that the NT TCP filtering "gets funny" because they are expecting a stateful type of filter, remember this is not a firewall, it's a router style of blocking all packets on a port. I have never experienced a problem or unexpected result with the NT TCP packet filtering. -----Original Message----- From: Jamie C. Pole [mailto:jpole () JCPA COM] Sent: Thursday, October 12, 2000 3:44 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Closing Port 139 RE: [PEN-TEST] Closing Port 139 It doesn't work very well at all. NT's packet filtering is really twitchy, especially when dealing with those ports that are (nominally, at least) involved in NT network services. This gets even funnier with certain of the NT-based firewalls (MS Proxy Server is NOT a firewall, by the way) that open more ports than they close. It's always hysterical to hear a firewall vendor suggest that you need to use OS-based packet filtering to close ports that can't be closed by their firewall product. :-) The only reliable way to kill this port is by firewalling or router ACL's. Jamie -- Jamie C. Pole Principal Consultant J.C. Pole & Associates, Inc. Purveyors of global commercial intelligence and counterintelligence services PGP Fingerprint: 6F18 A0E2 DF95 B0F0 A954 A333 B3C4 663E 893A D6F2 -- ----- Original Message ----- From: Anderson, Harry F. To: PEN-TEST () SECURITYFOCUS COM Sent: Thursday, October 12, 2000 1:46 PM Subject: Re: [PEN-TEST] Closing Port 139 How well does this work on just NT? I have been told that the NT packet filtering does not work consistantly with all ports. I have wanted to test it but there is just not enought time in the day. - Harry Anderson
Current thread:
- Re: [PEN-TEST] Closing Port 139, (continued)
- Re: [PEN-TEST] Closing Port 139 Costa, Andrew (Oct 12)
- [PEN-TEST] Closing Port 139 Kasey Speakman (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Ansar Mohammed (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 12)
- Re: [PEN-TEST] Closing Port 139 SMILER (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Marc Maiffret (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Tim Crothers (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Walling, Ken (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Frank Dimina (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 12)
- Re: [PEN-TEST] Closing Port 139 Frank Dimina (Oct 13)
- Re: [PEN-TEST] Closing Port 139 Deus, Attonbitus (Oct 13)
- Re: [PEN-TEST] Closing Port 139 Erik Birkholz (Oct 14)
- Re: [PEN-TEST] Closing Port 139 David Pick (Oct 14)