I think everyone has been blocking those ports since 1998-ish (or at least you should be).

-sean

On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood <[email protected]> wrote:

> This was written from the viewpoint of a Windows AD setup but can affect home
> users too since MS makes people use MS live accounts to log in to Windows.
>
> *Problem:*
> Outside servers can get username/domain/password hash. Once a remote
> server has the login info they could connect to VPN, Office365 or another
> service that uses AD domain user info.
> See attachment for example. I got the example from a VM with a test
> account on it.
>
> *Details:*
> Microsoft-based browsers like IE and Edge can be induced to make an
> outbound SMB connection to a remote server. In this connection Microsoft
> will send over username, domain, and password hash. The remote server then
> can do a decryption of the password hash using brute force, password,
> dictionary and rainbow tables.
>
> *Fix:*
> The fastest way to stop this is to block all of the SMB network ports on
> the edge firewall for incoming and outgoing. The ports are 137-138udp,
> 137tcp, 139tcp, 445tcp
>
> *Sources:*
> http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
> *Testing site*:
> https://msleak.perfect-privacy.com/
>
> --
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
> My website <http://zachunderwood.me>
> advance-networking.com
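Added example, not part of the thread: one way to check that the edge block described above is actually in effect is to scan firewall flow records for SMB traffic that crosses the network edge in either direction. The log format, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Ports listed in the thread: 137-138/udp, 137/tcp, 139/tcp, 445/tcp.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 137), ("tcp", 139), ("tcp", 445)}
# Assumed internal address space (RFC 1918); adjust to the local network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records in a hypothetical format: "action proto src:sport dst:dport".
# External addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
ALLOW tcp 10.0.5.21:49822 203.0.113.50:445
ALLOW tcp 10.0.5.21:49823 10.0.1.10:445
DENY tcp 10.0.5.44:50110 198.51.100.7:139
ALLOW udp 10.0.5.21:137 203.0.113.50:137
ALLOW tcp 10.0.5.21:49830 203.0.113.50:443
ALLOW tcp 192.0.2.99:40000 10.0.1.10:445
garbage line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def parse(line):
    """Return (action, proto, src_ip, dst_ip, dst_port) or None if malformed."""
    try:
        action, proto, src, dst = line.split()
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dst_port = dst.rsplit(":", 1)
        return action, proto.lower(), src_ip, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def smb_edge_crossings(log):
    """List SMB flows where exactly one endpoint is internal (traffic crossing the edge)."""
    findings = []
    for line in log.splitlines():
        rec = parse(line)
        if rec is None or (rec[1], rec[4]) not in SMB_PORTS:
            continue
        action, proto, src_ip, dst_ip, dport = rec
        src_in, dst_in = is_internal(src_ip), is_internal(dst_ip)
        if src_in != dst_in:  # internal-to-internal SMB is not an edge concern
            direction = "outbound" if src_in else "inbound"
            findings.append((direction, action, str(src_ip), str(dst_ip), proto, dport))
    return findings

if __name__ == "__main__":
    for f in smb_edge_crossings(SAMPLE_LOG):
        print(*f)
```

Any finding with action ALLOW means the edge rule is missing or incomplete for that port and direction; DENY findings show which hosts are still attempting the connection.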
