lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200208270542.RAA464417@ruru.cs.auckland.ac.nz>
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Subject: RE: SMB overflow attacks

"Jason Coombs" <jasonc@...ence.org> writes:

>Does anyone have any information about why System binds to a port above 1024,
>and what can be done, if anything, to force Windows 2000/XP/.NET Server to
>stop binding to port 445 TCP and UDP?

445 is the new NetBIOS [0], and just as easy to get rid of (i.e. you don't,
you block it at the firewall).  I assume from your post that you've already
tried the old NetBIOS trick of binding it to the loopback NIC?  I wish they'd
at least have an option to bind all the random uncontrollable junk to
127.0.0.1 rather than 0.0.0.0...

Peter.

[0] Quite literally.  MS took all the NetBIOS stuff they knew about and moved
    it to 445, leaving the stuff they didn't know about to wither at 13x.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ