[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Cox is blocking port 135 - off topic

To: <joey2cool@yahoo.com>, <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Cox is blocking port 135 - off topic
From: "Kurt Seifried" <listuser@seifried.org>
Date: Sun, 10 Aug 2003 14:56:52 -0600

Off topic:

This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP on
445 as well (reduced overhead then 135/etc, no NetBIOS layer). When a client
tries to connect to a remote host for file/print sharing/etc it connects on
both ports 135 and 445, if a response is recieved from port 445 it drops the
connection to 135. THe attack works quite well against client systems using
port 445. If Cox blocks both ports 135 and 445 that will be semi-effective
(except of course for internal users who spread a worm/etc, such as laptops
that move around). THis may block a few of the more stupid attacks but not
for long.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Cox is blocking port 135 - off topic
  - From: pdt@jackhammer.org
- [Full-Disclosure] Re: Cox is blocking port 135 - off topic
  - From: martin f krafft <madduck@madduck.net>
- Re: [Full-Disclosure] Cox is blocking port 135 - off topic
  - From: Joey <joey2cool@yahoo.com>

References:
- [Full-Disclosure] Cox is blocking port 135
  - From: Joey <joey2cool@yahoo.com>

Prev by Date: Re: [Full-Disclosure] TCP ports 1025-1030 and DCOM exploit
Next by Date: Re: [Full-Disclosure] Cox is blocking port 135 - off topic
Prev by thread: [Full-Disclosure] Cox is blocking port 135
Next by thread: Re: [Full-Disclosure] Cox is blocking port 135 - off topic
Index(es):
- Date
- Thread