Message-ID: <3dc922c3041215072757528ef1@mail.gmail.com>
From: ostiguy at gmail.com (Matt Ostiguy)
Subject: TCP Port 42 port scans? What the heck over...

On Wed, 15 Dec 2004 09:58:18 -0500, Valdis.Kletnieks@...edu
<Valdis.Kletnieks@...edu> wrote:
> On Mon, 13 Dec 2004 14:33:42 EST, Matt Ostiguy said:
> 
> > found an exploitable bug in the WINS service. Still, given how few
> > people one would expect to have that port accessible through a
> > firewall, or just how low the percentage of Windows servers running
> > WINS is
> 
> Do you have any actual data showing that either of those two numbers is low,
> or are you relying on "if people have clue, these will be low"?
> 

Educated guess. Some reasons:

1. A single site / single subnet Windows shop can generally survive
without WINS - systems will battle to act as ad hoc browse master,
which will maintain the browse list of resources for network
neighborhood which it compiles from local subnet broadcasts. This
allows tons of places to run without WINS. If you have ever heard
people talk about Windows boxes being chatty from a network
perspective - this broadcast stuff is why.

2. WINS isn't installed by default on Win2k or 2k3, and I am fairly
certain it wasn't a default install on NT 4 either. DNS is required
for Active Directory on Win2k and Win2k3.

3. I can't think of a good reason to open WINS through a firewall.
Generally one would expect places with multiple sites to use site to
site connections, IPSec tunnels, and end user VPN tunnels, all of
which would negate the need to open it through the firewall.

4. Most places likely have 1 or 2 WINS servers per site. Any more, and
you are likely increasing pain and complexity (with push-pull
replication issues, etc.) versus minimal redundancy gain.

So, DNS is about as universal a requirement as there is these days, and a
fair number of people are probably exposing their MS DNS service through the
firewall. A fair number are probably running MS DNS internally, and
doing something different externally, for security and/or usage of
NAT reasons (their DNS server would resolve www.smallbizdomain.com to
192.168.1.2 if exposed to the net). I really cannot think of any
reason why anyone would expose WINS through a firewall, so it probably
leaves the few, the hardy, the stupid who have no firewall whatsoever.

Matt
