Vulnerability Development mailing list archives
RE: SUMMARY: SMB overflow attacks
From: pgut001 () cs auckland ac nz (Peter Gutmann)
Date: Fri, 30 Aug 2002 17:25:09 +1200 (NZST)
"Jason Coombs" <jasonc () science org> writes:
UPDATE: I double-checked and in fact was able to stop port 445 from binding at all under Windows 2000 using the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters under this key remove the default value "\Device\" from the TransportBindName REG_SZ value. upon reboot, port 445 is gone completely, both TCP and UDP.
Wonderful! One minor comment on this, removing the entire TransportBindName has the same effect and can be done automatically with a regdel (http://www.flos-freeware.ch/regdel.html) script at boot time. This is somewhat safer than a one-off edit of a value entry, since these sorts of things have a nasty self-healing capability which occurs when applying service packs or making changes to network configs. Peter.
Current thread:
- SUMMARY: SMB overflow attacks Jason Coombs (Aug 29)
- RE: SUMMARY: SMB overflow attacks Jason Coombs (Aug 29)
- Re: SUMMARY: SMB overflow attacks Emeric Miszti (Aug 30)
- <Possible follow-ups>
- RE: SUMMARY: SMB overflow attacks monti (Aug 30)
- RE: SUMMARY: SMB overflow attacks Dave Aitel (Aug 30)
- RE: SUMMARY: SMB overflow attacks Peter Gutmann (Aug 30)