Firewalls: Re: FW: Windows NT holes and Lotus Notes holes (fwd)

Firewalls
(November 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: FW: Windows NT holes and Lotus Notes holes (fwd)
From:	Paul Ferguson <pferguso @ cisco . com>
Date:	Wed, 29 Nov 1995 08:24:44 -0500
To:	Torsten Sturm <tnsturm @ faui01 . informatik . uni-erlangen . de>
Cc:	Russ Cooper <rcooper @ the-wire . com>, firewalls @ GreatCircle . COM

At 01:16 PM 11/29/95 +0100, Torsten Sturm wrote:

>Russ Cooper wrote:
>> 
>> As far as I am aware, only UDP port 139 is potentially dangerous, as it is
>> used to handle netbios session information. UDP 137 is used for browsing,
>
>Just to mention, nbt uses TCP (!) for port 139 connections.
>It opens only one connection even for multiple sessions
>between two NT stations.(e.g. share a, share b, rpc over named piped,
>which is used for registry and services administration connections).
>
>So, it is a little more secure than those nfs-UDP sessions.
>


For what its worth, RFC-1002 defines both udp/137 *and* tcp/137:

 NAME SERVICE:

  NAME_SERVICE_TCP_PORT      137 (decimal)
 
  NAME_SERVICE_UDP_PORT      137 (decimal)


- paul


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Reston, Virginia   USA                                 ||||      ||||
tel: +1.703.716.9538                               ..:||||||:..:||||||:..
e-mail: pferguso @
 cisco .
 com                         c i s c o S y s t e m s

Indexed By Date	Previous:	Re: Reasons to connect to the Internet From: "Peter Galloway" <galloway @ oznet02 . ozemail . com . au>
Indexed By Date	Next:	Re: chroot/setuid vs type enforcement From: Dermot Tynan <dtynan @ fws . ilo . dec . com>
Indexed By Thread	Previous:	Re: FW: Windows NT holes and Lotus Notes holes (fwd) From: Torsten Sturm <tnsturm @ cip . informatik . uni-erlangen . de>
Indexed By Thread	Next:	RE: FW: Windows NT holes and Lotus Notes holes (fwd) From: Russ Cooper <rcooper @ the-wire . com>