> hello world,
>
> i found out that this program ICQ from MIRABILIS send some strange querys
> out.
> it's a request from port 40 to port 139. port 139 is, so far i know, used
> for netbios
> over tcp ... what the hell they are looking for on this port.is this
> something against the
> security?-) or do they have another reason to do this so ?-)..i can not
> exlain this to me
> and i would be happy if somebody could help me in understanding this. i
> hope you
> could read my english. ;-)
>
> thanx Andreas Engel :)
The ports 137 - 139 are used for netbios over tcp (139 actually is nbss).
If you send an special "Out of bound" meassge to that port unfixed Windows
PC´s can be
Winnuked:
NT WS and Server is killed (blue screen with processor halt);
You can fix it using SP3 and the OOB fix.
Win 95 stays running - but without any network connection left.
The info for fixing it, can be found at the ms site.
If attacking Win 3.x, a dos session ramains ...
MS will not fix it.
If you are running a firewall on NT WS or Server (Checkpoint or Raptor
eagle) you have to aply additional fixes to prevent the fw crashing down.
If using any router between fw and Internet, you should block those udp and
tcp ports (incoming and outcoming) to prevent windows broadcasts (Netbios
over TCP/IP) and Winnuke.
Jens Peschke
|
|
