Vulnerability Development mailing list archives

RE: SUMMARY: SMB overflow attacks

From: pgut001 () cs auckland ac nz (Peter Gutmann)
Date: Fri, 30 Aug 2002 17:25:09 +1200 (NZST)

"Jason Coombs" <jasonc () science org> writes:

UPDATE: I double-checked and in fact was able to stop port 445 from binding
at all under Windows 2000 using the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

under this key remove the default value "\Device\" from the TransportBindName
REG_SZ value. upon reboot, port 445 is gone completely, both TCP and UDP.


Wonderful!  One minor comment on this, removing the entire TransportBindName
has the same effect and can be done automatically with a regdel 
(http://www.flos-freeware.ch/regdel.html) script at boot time.  This is
somewhat safer than a one-off edit of a value entry, since these sorts of
things have a nasty self-healing capability which occurs when applying service
packs or making changes to network configs.

Peter.

Current thread:

SUMMARY: SMB overflow attacks Jason Coombs (Aug 29)
- RE: SUMMARY: SMB overflow attacks Jason Coombs (Aug 29)
- Re: SUMMARY: SMB overflow attacks Emeric Miszti (Aug 30)
- <Possible follow-ups>
- RE: SUMMARY: SMB overflow attacks monti (Aug 30)
  - RE: SUMMARY: SMB overflow attacks Dave Aitel (Aug 30)
- RE: SUMMARY: SMB overflow attacks Peter Gutmann (Aug 30)