I thought ICQ was a program designed to help people find each other (I seek you - get it).
My guess is that it uses NetBIOS to communicate.
>>> "Jens Peschke" <j @ peschke . h . eunet . de> 20/June/1997 05:20am >>>
> hello world,
>
> I found out that this program ICQ from MIRABILIS sends some strange queries out.
> It's a request from port 40 to port 139. Port 139 is, as far as I know, used for NetBIOS over TCP ... what the hell are they looking for on this port? Is this something against the security?-) Or do they have another reason to do so?-) .. I cannot explain this to myself and I would be happy if somebody could help me in understanding this. I hope you could read my English. ;-)
>
> thanx Andreas Engel :)
The ports 137 - 139 are used for NetBIOS over TCP (139 actually is nbss).
If you send a special "Out of bound" message to that port, unfixed Windows PCs can be Winnuked:
NT WS and Server are killed (blue screen with processor halt); you can fix it using SP3 and the OOB fix.
Win 95 stays running - but without any network connection left. The info for fixing it can be found at the MS site.
If attacking Win 3.x, a DOS session remains ... MS will not fix it.
If you are running a firewall on NT WS or Server (Checkpoint or Raptor Eagle) you have to apply additional fixes to prevent the fw crashing down.
If using any router between fw and Internet, you should block those UDP and TCP ports (incoming and outgoing) to prevent Windows broadcasts (NetBIOS over TCP/IP) and Winnuke.

Jens Peschke