lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030810222159.95899.qmail@web20610.mail.yahoo.com>
From: joey2cool at yahoo.com (Joey)
Subject: Cox is blocking port 135 - off topic

cox does block port 445 also, but i havent seen any
exploits that use that port. even though its said that
port 445 is vulnerable, where is the POC?

--- Kurt Seifried <listuser@...fried.org> wrote:
> Off topic:
> 
> This won't help much at all. Windows 2000/XP run
> Microsoft SMB over TCP on
> 445 as well (reduced overhead then 135/etc, no
> NetBIOS layer). When a client
> tries to connect to a remote host for file/print
> sharing/etc it connects on
> both ports 135 and 445, if a response is recieved
> from port 445 it drops the
> connection to 135. THe attack works quite well
> against client systems using
> port 445. If Cox blocks both ports 135 and 445 that
> will be semi-effective
> (except of course for internal users who spread a
> worm/etc, such as laptops
> that move around). THis may block a few of the more
> stupid attacks but not
> for long.
> 
> Kurt Seifried, kurt@...fried.org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ