[Dshield] Netbios over tcpip never good ? (was spamcop listed )
Johannes B. Ullrich
jullrich at sans.org
Wed Dec 17 12:13:33 GMT 2003
> The fact that you can create a website with NTLM authentication shows that
> MS thinks it is also suitable for the internet.
> Oh yeah encryption ... Sure encrypt everything, 5 years from now I can
> already hear you crying, why did we ever start encrypting all the traffic ?
All a matter of implementation. But usually, only the traffic between
the gateways is encrypted. Inside your network, it's still sniffable.
(Chris can probably help out on VPN implementation strategies ;-) )
> I can't see f*** all of what my users are doing, can't even see the
> difference between a HTTP and an SSH session ... But since it's all
> encrypted ... All I can do is allow it ?
You can still block it by site. There are wonderful application proxies
to secure a corporate network and with fine-grained access control and
> What exactly is so insecure about netbios ? The thing mentioned before about
> 'user enumeration' is something that can easily be disabled with a registry
This is not about Windows being secure or not. It is about how to use
Microsoft outlines in its "ISP Security Practices List"
"Deny all traffic to ports 135-139,445 TCP/UDP (NetBios/SMB)."
(lower part of the page, in the Firewall and Router Security section)
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 786 1563
fax: (617) 786 1550 jullrich at sans.org
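
Added example, not part of the original message: a first-match check that a filter chain blocks every port/protocol pair named in the quoted recommendation (135-139 and 445, TCP and UDP). The sample ruleset is constructed, the function names are hypothetical, and the model is simplified: it reads only protocol and destination-port matches in iptables-save syntax and assumes the chain's default policy is ACCEPT.

```python
import re

# Ports and protocols from the quoted recommendation: 135-139 and 445, TCP and UDP.
REQUIRED = {(proto, port) for proto in ("tcp", "udp")
            for port in list(range(135, 140)) + [445]}

# Constructed sample in iptables-save syntax (not taken from the message).
SAMPLE_RULES = """\
-A FORWARD -p tcp -m multiport --dports 135:139,445 -j DROP
-A FORWARD -p udp --dport 137:138 -j ACCEPT
-A FORWARD -p udp --dport 135:139 -j DROP
-A FORWARD -p tcp --dport 80 -j ACCEPT
"""

RULE = re.compile(
    r"-A (\S+) -p (tcp|udp)(?: -m (?:multiport|tcp|udp))? --dports? (\S+) -j (\S+)")

def parse_ports(spec):
    """Expand a port spec such as '135:139,445' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def first_match_verdicts(rules_text, chain="FORWARD"):
    """Map each required (proto, port) to the target of the first rule matching it."""
    verdicts = {}
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(1) != chain:
            continue  # rules with other selectors are outside this simplified model
        proto, target = m.group(2), m.group(4)
        for port in parse_ports(m.group(3)):
            # Rules are evaluated in order, so only the first match counts.
            verdicts.setdefault((proto, port), target)
    return {pair: verdicts.get(pair) for pair in REQUIRED}

def unblocked(rules_text, chain="FORWARD"):
    """Return the required (proto, port) pairs that are not dropped or rejected."""
    verdicts = first_match_verdicts(rules_text, chain)
    return sorted(p for p, t in verdicts.items() if t not in ("DROP", "REJECT"))

if __name__ == "__main__":
    for proto, port in unblocked(SAMPLE_RULES):
        print(f"{proto}/{port} is not blocked")
```

In the constructed sample the earlier ACCEPT for UDP 137-138 shadows the later DROP, and UDP 445 has no rule at all, so those three pairs are reported.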