I think everyone has been blocking those ports since 1998-ish (or at least
you should be)

-sean


On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood <zunder1...@gmail.com>
wrote:

> This was written from the viewpoint of a Windows AD setup but can affect home
> users too, since MS makes people use MS Live accounts to log in to Windows.
>
> *Problem:*
> Outside servers can get username/domain/password hash. Once a remote
> server has the login info they could connect to VPN, Office365 or another
> service that uses AD domain user info.
> See attachment for example. I got the example from a VM with a test
> account on it.
>
> *Details:*
> Microsoft-based browsers like IE and Edge can be induced to make an
> outbound SMB connection to a remote server. In this connection Microsoft
> will send over username, domain, and password hash. The remote server then
> can do a decryption of the password hash using brute force, password,
> dictionary and rainbow tables.
>
> *Fix:*
> The fastest way to stop this is to block all of the SMB network ports on
> the edge firewall for incoming and outgoing. The ports are 137-138udp,
> 137tcp, 139tcp, 445tcp
>
> *Sources:*
> http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
> *Testing site*:
> https://msleak.perfect-privacy.com/
>
> --
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
> My website <http://zachunderwood.me>
> advance-networking.com
>

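An added example, not part of either message in this thread: one way to check that the edge block described in the quoted Fix section is actually in effect, by scanning firewall flow records for SMB/NetBIOS traffic leaving the internal network. The record format ("src dst proto dport action"), the internal address ranges and the sample lines are constructed assumptions; only the port list comes from the post.

```python
import ipaddress

# Ports from the post's Fix section: 137-138/udp, 137/tcp, 139/tcp, 445/tcp.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 137), ("tcp", 139), ("tcp", 445)}

# Assumption: the site uses RFC 1918 space internally; adjust to the real ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (not real traffic): "src dst proto dport action".
SAMPLE_FLOWS = """\
10.0.0.21 203.0.113.50 tcp 445 ALLOW
10.0.0.21 10.0.0.5 tcp 445 ALLOW
10.0.0.34 198.51.100.7 tcp 139 DENY
10.0.0.34 198.51.100.7 udp 137 ALLOW
10.0.0.40 203.0.113.50 tcp 443 ALLOW
bad-host 203.0.113.50 tcp 445 ALLOW
malformed line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def find_smb_egress(flow_text):
    """Return (allowed, denied) SMB/NetBIOS flows that leave the internal ranges."""
    allowed, denied = [], []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        src, dst, proto, dport, action = parts
        try:
            port = int(dport)
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # unparsable port or address
        if not outbound or (proto.lower(), port) not in SMB_PORTS:
            continue  # internal file sharing and non-SMB traffic are out of scope
        bucket = allowed if action.upper() == "ALLOW" else denied
        bucket.append((src, dst, proto.lower(), port))
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = find_smb_egress(SAMPLE_FLOWS)
    for src, dst, proto, port in allowed:
        print(f"LEAK  {src} -> {dst} {port}/{proto} passed the edge firewall")
    for src, dst, proto, port in denied:
        print(f"OK    {src} -> {dst} {port}/{proto} blocked at the edge")
```

Any entry in the allowed list is an internal host whose SMB connection reached an outside server, which is the condition the post's firewall rule is meant to prevent.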