[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Cox is blocking port 135 - off topic
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Cox is blocking port 135 - off topic
- From: Joey <joey2cool@yahoo.com>
- Date: Sun, 10 Aug 2003 15:21:59 -0700 (PDT)
cox does block port 445 also, but i havent seen any
exploits that use that port. even though its said that
port 445 is vulnerable, where is the POC?
--- Kurt Seifried <listuser@seifried.org> wrote:
> Off topic:
>
> This won't help much at all. Windows 2000/XP run
> Microsoft SMB over TCP on
> 445 as well (reduced overhead then 135/etc, no
> NetBIOS layer). When a client
> tries to connect to a remote host for file/print
> sharing/etc it connects on
> both ports 135 and 445, if a response is recieved
> from port 445 it drops the
> connection to 135. THe attack works quite well
> against client systems using
> port 445. If Cox blocks both ports 135 and 445 that
> will be semi-effective
> (except of course for internal users who spread a
> worm/etc, such as laptops
> that move around). THis may block a few of the more
> stupid attacks but not
> for long.
>
> Kurt Seifried, kurt@seifried.org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
>
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html