[Dshield] Netbios over tcpip never good ? (was spamcop listed)
allan.vanleeuwen at orangemail.nl
Tue Dec 16 16:54:10 GMT 2003
Sorry but I have to disagree on a lot of your points.
You are obviously somebody who thinks the internet is just FTP, HTTP and
There are lots of reasons why ports 137,139 and 445 could be used for legal
reasons on the internet.
I might want to send a message using the NET SEND command.
I might need to access a website that uses NTLM authentication instead of
I might want to map a drive to a friends computer..
I might need to control my servers at work, from home ... Over netbios of
Netbios is used for a lot of other stuff as well.
I think it's wrong to close ports just because there are known
vulnerabilities on it ... My opninion is, it's better to patch the holes in
the software then just disable the whole thing coz it's an 'evil port'.
Suppose FORD MOTORS sends out an advisory explaining that the door to the
drivers seat could be dangerous to get into, because it has a little hook
somewhere that some ppl have hurt themselves on ... Would you say 'Ok, from
now on I'll just get into the other door, and work my way to the drivers
seat someway inside the car', or would you just remove the hook that FORD
has warned about ?
Sorry about my really bad english, I hope the analogy was somewhat
comprehensible to most of you ... English is obviously not my native
From: Al Reust [mailto:areust at comcast.net]
Sent: dinsdag 16 december 2003 7:16
To: General DShield Discussion List
Subject: RE: [Dshield] mail1.giac.net spamcop listed]
SCRAPE, as I drag out the Soap Box
I partially agree, there is one thing that I do not agree on. I can see No
Reason that NetBIOS over TCP/IP is ever Good! That allows a remote user to
do silly thing like enumerate user accounts and password age etc.. That is
why we block 135, 137~139, 445 and more at the Firewall.
A statement of what "services" are blocked and various ports associated for
a User or a Small Business that are purchasing connectivity should be in
terms of the service agreement. The User expects to be "automatically
protected," they are upset when they are not. They thought they were
automatically. One of the recent "complaints" are ISP's are not proactive
and allow bad things through. Which side are we on?
* If All ISP's blocked just NetBIOS over TCP/IP the script kiddies would
have to get more knowledgeable and creative. No More browsing the Network
Neighborhood no matter which ISP.
* If All ISP's blocked most other ports to Dialup that could get a user in
trouble a large number of "Us" or Virus Companies etc.. would not be needed.
* If All ISP's tailored require ports to what the Small Business needed we
would not see various things happening are happening today.
* If all ISP's only accepted port 25 connections to the local mail server
from a directly connected IP host, or other allowances via IP only then
SPAM would not happen.
* If all ISP's did all of the Above we would not have seen
Blaster/derivatives and MS would not have had to patch the OS or several
other things that are allowed, because of the current state of the
The World could have gone on in that "ignorant state of bliss," as it was
before people found out you really could do things with/across Just TCP/IP
So an appropriate Statement would be, this is done in "Your Protection" and
if You have requirements that require other network services we will be
happy to discuss and accommodate. Our goal is to provide the Safest, most
complete services that we can. Then discuss what comes to "our" level of
expertise. "We" then mitigate what needs to happen. Everyone knows after
So we are now stuck, with building Routers that can block large portions of
the world and still let script kiddies attempt to break the local
"administrator" password (NetBIOS derived) on someone else's computer
across networks.. Then they plant things that make all our lives miserable.
While "We" are still putting Pressure on ISP's to protect us.. Why?
Lets get "our" stories straight. If we offer a recommendation to block
these ports and why then accommodate the "risks" for small business, it
all can be accommodated/mitigated. But the information has to be
Otherwise we all need to get an AOL 9.0 Account (they are violating
everything).. If you believe their advertisements it is now the Safest,
most Sanitized Internet.. and You do not know what they doing... See
precious threads.. LOL..
Scrape as the soap box goes back into the closet..
If You have a tirade then you are welcome to send me offline. It any of
this strikes sense in what we have discusses in the over last few months.
Then discuss it.
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen
bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt,
wordt u verzocht de inhoud niet te gebruiken en de afzender direct te
informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft
genomen om virussen in deze email of attachments te voorkomen, dient u ook
zelf na te gaan of virussen aanwezig zijn aangezien Orange niet
aansprakelijk is voor computervirussen die veroorzaakt zijn door deze
The information contained in this message may be confidential and is
intended to be only for the addressee. Should you receive this message
unintentionally, please do not use the contents herein and notify the sender
immediately by return e-mail. Although Orange has taken steps to ensure that
this email and attachments are free from any virus, you do need to verify
the possibility of their existence as Orange can take no responsibility for
any computer virus which might be transferred by way of this email.
More information about the list