Great Circle Associates Firewalls
(November 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Question on Windows NT web behind firewall
From: FaNgYoU2 <fangyou2 @ panix . com>
Date: Fri, 29 Nov 1996 20:34:17 -0500 (EST)
To: firewalls @ GreatCircle . com 
Sometimes I look at the obvious and its significance escapes me.
That seems to be happening now.  

A Windows NT web server is protected from the Internet by a TIS Gauntlet.
The Gauntlet is set up to allow only http connections from the Internet
into the NT web server.  I was able to get physical access to the NT
web server and ran one of my scripts on it.  The results are shown
below.

What are the specific threats to this NT web server from the 
Internet?

--ACCOUNTS-- 
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        SERVER
The command completed successfully.

--SERVER CONFIGURATION-- 
Server Name                           \\XYZPDF
Server Comment                        

Software version                      Windows NT 3.51
Server is active on                   NetBT_NETFLX1 (00805f14c9ca)
Nbf_NETFLX1 (00805f14c9ca) 

Server hidden                         No
Maximum Logged On Users               Unlimited
Maximum open files per session        2048

Idle session time (min)               15
The command completed successfully.

--WORKSTATION CONFIGURATION-- 
Computer name                        \\XYZPDF
User name                            xyzdba

Workstation active on                NetBT_NETFLX1 (00805F14C9CA) Nbf_NETFLX1
(00805F14C9CA) 
Software version                     Windows NT 3.51

Workstation domain                   WORKGROUP
Logon domain                         XYZPDF

COM Open Timeout (sec)               3600
COM Send Count (byte)                16
COM Send Timeout (msec)              250
The command completed successfully.

--GROUPS-- 
--LOCAL GROUPS-- 

Aliases for \\XYZPDF

------------------------------------------------------------------------------
-
*Administrators           *Backup Operators         *Guests
                  
*Power Users              *Replicator               *Users
                   
The command completed successfully.

--NAMES-- 

Name            
------------------------------------------------------------------------------
-
XYZPDF          
The command completed successfully.

--SESSIONS-- 

Computer               User name            Client Type      Opens Idle time

------------------------------------------------------------------------------
-
\\XYZDAS               xyzdba               NT               0     01D 19H
11M 
The command completed successfully.

--SHARES-- 

Share name   Resource                        Remark

------------------------------------------------------------------------------
-
REPL$        C:\WINNT35\system32\Repl\Export 
ADMIN$       C:\WINNT35                      Remote Admin
C$           C:\                             Default share
print$       C:\WINNT35\system32\spool\dr... Printer Drivers
IPC$                                         Remote IPC
ATAMAN       C:\ATAMAN                       
etc          C:\WINNT35\system32\drivers\etc 
xyzweb       C:\xyzweb                       
xyzrde        C:\xyzrde                        
temp         C:\temp                         
Unix         C:\Unix                         
HPlaser4si   LPT1:                  Spooled  SAMBA share printer
The command completed successfully.

--SERVER STATISTICS-- 
Server Statistics for \\XYZPDF


Statistics since 11/17/96 5:49 PM


Sessions accepted                  1
Sessions timed-out                 23
Sessions errored-out               25

Kilobytes sent                     1910
Kilobytes received                 1068

Mean response time (msec)          0

System errors                      0
Permission violations              0
Password violations                0

Files accessed                     642
Communication devices accessed     0
Print jobs spooled                 0

Times buffers exhausted

  Big buffers                      0
  Request buffers                  0

The command completed successfully.

--WORKSTATION STATISTICS-- 
Workstation Statistics for \\XYZPDF


Statistics since 11/17/96 5:49 PM


  Bytes received                               15082772
  Server Message Blocks (SMBs) received        35534
  Bytes transmitted                            15309249
  Server Message Blocks (SMBs) transmitted     35439
  Read operations                              1068
  Write operations                             11660
  Raw reads denied                             0
  Raw writes denied                            0

  Network errors                               11
  Connections made                             998
  Reconnections made                           0
  Server disconnects                           20

  Sessions started                             998
  Hung sessions                                0
  Failed sessions                              0
  Failed operations                            1
  Use count                                    221
  Failed use count                             3

The command completed successfully.

--SHARED RESOURCES IN USE-- 
New connections will not be remembered.


Status       Local     Remote                    Network

------------------------------------------------------------------------------
-
Disconnected G:        \\XYZPDF3\USR             Microsoft Windows Network
OK           J:        \\XYZNY2\xyzsdata          Microsoft Windows Network
The command completed successfully.

--USER INFORMATION-- 

User accounts for \\XYZPDF

------------------------------------------------------------------------------
-
Administrator            magenta                     Guest
                   
xyzdba                   xyzweb                   
The command completed successfully.

--SHARED RESOURCES-- 
Server Name            Remark

------------------------------------------------------------------------------
-
\\XYZ_ADMIN_PC         FMS station
\\XYZDAS               
\\XYZDEV1              Samba 1.9.16p6
\\XYZMGT               Samba 1.9.15p8
\\XYZNY2               Samba 1.9.15p8
\\XYZPDF               
\\XYZPDF1              
\\XYZPDF2              
\\XYZPDF3              
\\TESTPDF              RiffRaff at work
The command completed successfully.
Indexed By Date Previous: take off me from the list
From: Alexey Rashepkin <apr @ energoservis . ru>
Next: Re: Redundant FW-1s in Parallel!?
From: Bill Husler <Bill @ Husler . xo . com>
Indexed By Thread Previous: take off me from the list
From: Alexey Rashepkin <apr @ energoservis . ru>
Next: RE: Question on Windows NT web behind firewall
From: Russ <Russ . Cooper @ RC . on . ca>
Google
 
Search Internet Search www.greatcircle.com