[unisog] XP SP2: 137, 138, 139 and 445 open by default
phil.rodrigues at nyu.edu
Wed Jun 9 18:32:45 GMT 2004
We downloaded the publicly available XP SP2 beta from Microsoft,
installed it on a computer, then ran some test with nmap.
By default, the Windows "Security Center" allows for 2 exceptions to the
firewall: one for "File and Print Sharing" and one for "Remote Assistance".
Remote Assistance didn't seem so scary: you still have to enable that
feature, which is disabled by default.
But since an exception for "File and Print Sharing" was enabled by
default, nmap showed that ports 137/udp, 138/udp, 139/tcp, and 445/tcp
were all open, even when the Firewall was turned on. By default. In
order to close these ports, we had to take the extra step of disabling
the exception within the Windows Security Center app.
Please try it yourself, and tell me if we missed something:
So, I would still make plans to automate pre-registration scans of your
networks for Windows RPC-ish vulnerabilities, at the very least. They
may have closed 135/tcp, but with 445/tcp open there is still plenty of
room for mischief. By default.
Sr Network Security Analyst
New York University
More information about the unisog