[Dshield] Netbios over tcpip never good ? (was spamcop listed )

Johannes B. Ullrich jullrich at sans.org
Wed Dec 17 12:13:33 GMT 2003

> The fact that you can create a website with NTLM authentication shows that
> MS thinks it is also suitable for the internet.


> Oh yeah encryption ... Sure encrypt everything, 5 years from now I can
> already hear you crying, why did we ever start encrypting all the traffic ?

All a matter of implementation. But usually, only the traffic between
the gateways is encrypted. Inside your network, its still sniffable. 
(Chris can probably help out on VPN implementation strategies ;-) )

> I can't see f*** all of what my users are doing, can't even see the
> difference between a HTTP and an SSH session ... But since it's all
> encrypted ... All I can do is allow it ?

You can still block it by site. There are wonderful application proxies
to secure a corporate network and with fine grained access control and

> What exactly is so insecure about netbios ? The thing mentioned before about
> 'user enumeration' is something that can easily be disabled with a registry
> key.

This is not about Windows being secure or not. It is about how to use
Windows securely. 

Microsoft outlines in its "ISP Security Practices List"

"Deny all traffic to ports 135-139,445 TCP/UDP (NetBios/SMB)."

(lower part of the page, in the Firewall and Router Security section)

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031217/a41ff6d7/attachment.bin

More information about the list mailing list