Just going from your information, I'd say that it could be a little
dangerous. If the internal host has the drive share, with no password, and
it's over TCP/IP and there's a connection accessible from the Net, then you
could have a bad situation.

A local company I've done some work for decided that they would install MS
Exchange server onto their host connected to the net (don't ask :-) ). What
Exchange did was, by default, create a heap of shares that were accessible
from the net; it was using NetBEUI over TCP/IP.

TCP/IP port 139 was open, and so after a little demonstration of what could
be done they soon changed their config and removed Exchange server from the
host.

What you should do is try and see if you can gain access externally.

Hope this is useful.

Leon
-----------
> From: jonj @ inel . gov
> To: firewalls-digest @ GreatCircle . COM
> Subject: Netbios
> Date: Friday, 8 November 1996 12:51
>
> Howdy
>
> I would appreciate it if someone here could answer a question:
>
> I block UDP 136-138 from the internal net outbound to an "untrusted net" (DMZ). This
> seems to stop the endless stream of WINS packets emitting from internal hosts.
> Checking the logs, I see that the internal box is still making a TCP port 139
> connection to the "untrusted host". What I am trying to determine is, what is the
> level of threat here. My internal hosts appear to be doing drive sharing with the
> untrusted host. This, on the surface, appears to be a bad situation.
>
> Any help would be appreciated. Thanks
>
> ________________________________
> Jon Jacobsen Staff Engineer
> Lockheed Martin jonj @ inel . gov
> ________________________________
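
Added example (not part of either message above): a small log check for the situation described, where the UDP 136-138 block is in place but TCP 139 sessions still leave the internal net. The log format, the 10.1.0.0/16 internal range and the sample lines are constructed for illustration.

```python
import ipaddress

# Assumed internal range, and the outbound block rule as described in the
# question (UDP 136-138). Both are illustrative values for this example.
INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")
BLOCKED = {("udp", port) for port in (136, 137, 138)}

# NetBIOS-over-TCP/IP services and the ports they use.
NETBIOS = {
    ("udp", 137): "name service",
    ("udp", 138): "datagram service",
    ("tcp", 139): "session service (file/print sharing)",
}

# Constructed sample log lines: "action proto src:sport -> dst:dport"
SAMPLE_LOG = """\
deny udp 10.1.4.20:137 -> 192.0.2.15:137
deny udp 10.1.4.20:138 -> 192.0.2.15:138
permit tcp 10.1.4.20:1042 -> 192.0.2.15:139
permit tcp 10.1.4.20:1043 -> 192.0.2.15:80
permit tcp 10.1.7.9:1188 -> 192.0.2.15:139
permit tcp 192.0.2.15:2001 -> 10.1.4.20:25
"""

def parse(line):
    """Split one constructed-format log line into its fields."""
    action, proto, src, _arrow, dst = line.split()
    src_ip = src.rsplit(":", 1)[0]
    dst_ip, dport = dst.rsplit(":", 1)
    return (action, proto, ipaddress.ip_address(src_ip),
            ipaddress.ip_address(dst_ip), int(dport))

def unblocked_netbios(log_text):
    """Map (internal host, outside host) -> NetBIOS service for flows that
    were permitted outbound and are not covered by the block rule."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        action, proto, src, dst, dport = parse(line)
        outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
        key = (proto, dport)
        if outbound and action == "permit" and key in NETBIOS and key not in BLOCKED:
            findings[(str(src), str(dst))] = NETBIOS[key]
    return findings

if __name__ == "__main__":
    for (src, dst), service in sorted(unblocked_netbios(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}: NetBIOS {service} permitted outbound")
```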