Russ Cooper wrote:
> As far as I am aware, only UDP port 139 is potentially dangerous, as it is
> used to handle netbios session information. UDP 137 is used for browsing,
Just to mention, nbt uses TCP (!) for port 139 connections.
It opens only one connection even for multiple sessions
between two NT stations.(e.g. share a, share b, rpc over named piped,
which is used for registry and services administration connections).
So, it is a little more secure than those nfs-UDP sessions.
> so it can be a source of information that you might not want advertised
> (i.e. machine names, domain names, etc...), and UDP 138 is the datagram
You say it, Port 138 is used for UDP-Datagram service.
> As for compromising a system, if you can get a machine name, then every NT
> server has a share called \\machine_name\c$, and far too many have left
> user Administrator with rights to everything. If the NT box hasn't
> implemented security controls (i.e. limiting the number of invalid password
> attempts) and is not using Alerter to inform an authority of disabled
> users, then hacking into an NT box comes down to pounding away on
So exactly this is the reason for renaming the Administrator account.
It is not disabable to resist to denial of servie attacks. And,
this again is a reason for choosing good passwords.
Some people on the net reported to be able to
try about 200 password a second (if the account lockout feature is not
enabled.). For a good password, that would be not enough.
But for security, rename the Administrator account, and disable
the guest account !!!!!!!!!!!!!!!!!!!!!!!!!!
InfoSec webpage :