At 10:44 PM 8/21/96 -0400, you wrote:
>i was curious if anyone has used nt4's built in firewall feature? if so,
>what comments do u have on it? also, does anyone know how to set it up to
>avoid server level ping floods (icmp)? thanx
>»»» ntmaster «««
O.K. 'NT Master', I'll bite the bait, what 'built in firewall feature'?
There is a product called Catapult, which is a proxy (not to be confused
with a firewall) which runs on top of NT 4.0 and IIS 2.0.
Don't confuse NT C2 certification with network security either, it refers
only to a standalone NT box that doesn't talk to anything.
The network logon security appears to be strong, where it exchanges 16bit
OWF (One-Way-Function) encrypted DES and RSA-MD4 passwords through a
secure(d) channel to a server for requesting user access tokens. However
all this work culminates in associating the encrypted token with four
character plaintext UIDs accompanying all SMB session (port 139) traffic.
This should be very easy to Hijack. As I write this, I'm worried because
I just sniffed the net again, and noticed my UID is the same as last Friday.
Anyone know the TTL for SMB UIDs? In fairness, in a comparison to UNIX
SMB would map to NFS which you would diligently turn off in a firewall
(all of us, but not MS, which purposefully creates a share with Catapult),
and the logon process would map to Kerberos or SecureRPC logon (DES 40-bit
Raptor has an NT firewall, some say it should not be a PDC or BDC that keeps
duplicates of the user SAM database(/etc file or NIS+ table equivalent), I
would go further and say it should not even be a domain member which a domain
would trust, but a server in it's own single-host domain. Raptor does kill
'server' and other processes that open SMB type ports from what I can tell,
and they appear to replace the (mysterious) MS NT TCP/IP stack as a network
So far I've only mentioned a percentage of many network objects in NT, and
each follow different security mechanisms and ports in the IP stack. MS
has no plans to open and make public their code for inspection.
Personally, I think there are too many mysteries and have seen too many
security bugs in NT to trust it it's use as a external corporate-strength
Senior Systems Admin NT/UNIX/I-net/Routers/Mainframes/Janitor ;)
Hitachi Data Systems 408-970-4822 --- Disclaimer: I speak only for myself
___________"Infowar, Cyber-war, yes, 'they' _are_ out to get you..."___________