As far as I am aware, only UDP port 139 is potentially dangerous, as it is
used to handle NetBIOS session information. UDP 137 is used for browsing,
so it can be a source of information that you might not want advertised
(i.e. machine names, domain names, etc.), and UDP 138 is the datagram
port.

As for compromising a system, if you can get a machine name, then every NT
server has a share called \\machine_name\c$, and far too many have left
user Administrator with rights to everything. If the NT box hasn't
implemented security controls (i.e. limiting the number of invalid password
attempts) and is not using Alerter to inform an authority of disabled
users, then hacking into an NT box comes down to pounding away on
\\machine_name\c$ as user Administrator with password "x". If port 139 is
open, and you have the domain name in addition to the machine name, then
you can pound away at logging into the domain as user Administrator with
password "x". If port 137 is open then you can get both the machine name
and the domain name assuming WINS is enabled on the known machine (if the
machine is running NBT it's more than likely running WINS).

Cheers,
Russ Cooper
Senior Internet Integration Engineer
SHL/Computer Innovations
RCooper @ the-wire . com - Express @ msn . com - 74323 . 364 @ compuserve . com
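
The control the message refers to (limiting invalid password attempts and alerting an authority) can be sketched as detection logic over failed network logons. This is an added example, not part of the original post; the log format, host names, dates, thresholds and function names are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp source_host account result" for network logons.
SAMPLE_LOG = """\
1997-01-10T09:00:01 WKSTN7 Administrator FAIL
1997-01-10T09:00:02 WKSTN7 Administrator FAIL
1997-01-10T09:00:03 WKSTN7 Administrator FAIL
1997-01-10T09:00:04 WKSTN7 Administrator FAIL
1997-01-10T09:00:05 WKSTN7 Administrator FAIL
1997-01-10T09:05:00 WKSTN2 jsmith FAIL
1997-01-10T09:05:30 WKSTN2 jsmith OK
1997-01-10T09:20:00 WKSTN7 Administrator FAIL
"""

def parse(log):
    """Yield (time, source, account, result) from the constructed format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, account, result = line.split()
        # Account names are compared case-insensitively.
        yield datetime.fromisoformat(ts), src, account.lower(), result

def lockout_alerts(log, threshold=5, window=timedelta(minutes=30)):
    """Return (account, time, sources) whenever an account collects
    `threshold` failed logons inside `window`, i.e. the point at which a
    lockout policy would disable it and an operator should be told."""
    recent = defaultdict(deque)   # account -> recent (time, source) failures
    alerts = []
    for ts, src, account, result in parse(log):
        failures = recent[account]
        if result == "OK":
            failures.clear()      # assumption: a good logon resets the count
            continue
        failures.append((ts, src))
        while failures and ts - failures[0][0] > window:
            failures.popleft()    # drop failures older than the window
        if len(failures) >= threshold:
            alerts.append((account, ts, sorted({s for _, s in failures})))
            failures.clear()      # treated as locked; start counting afresh
    return alerts

if __name__ == "__main__":
    for account, when, sources in lockout_alerts(SAMPLE_LOG):
        print(f"{when.isoformat()} lockout threshold reached for {account} from {sources}")
```
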