[unisog] Correction: XP SP2 ports open to local subnet

Bradley Ellis Bradley.Ellis at its.monash.edu.au
Thu Jun 10 04:34:16 GMT 2004


Hi All,

My 2 cents worth on two of the follow on topics are:

File and Printer Sharing enabled by default:
--------------------------------------------
While you are correct in F&P using ports 137-139UDP,445TCP -
file and printer sharing is not the only service to
use these ports.

If any other service, like Remote Procedure Calls is 
linked to any of these ports, the situation is far 
worse situation, because unlike file and printer sharing 
which can be stopped stopping the RPC service is almost
impossible if you want a operational pc.

Spoofing:
---------
IP Spoofing is something we take care of ourselves at a 
network level.

Traffic that we know shouldn't be appearing on a interface,
we drop.

I would suggest that using the network interconnectivity
devices in this way is the appropriate way to handle IP 
Spoofing.

Cheers,
Brad.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1872 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040610/61f55f09/smime-0004.bin


More information about the unisog mailing list