Cable/Telco probably.

WISP?  I dunno...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett <af...@zirkel.us> wrote:

> I think everyone has been blocking those ports since 1998-ish (or at least
> you should be)
>
> -sean
>
>
> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood <zunder1...@gmail.com>
> wrote:
>
>> This was written from the viewpoint of a Windows AD setup, but it can affect
>> home users too, since MS makes people use MS Live accounts to log in to Windows.
>>
>> *Problem:*
>> Outside servers can get the username/domain/password hash. Once a remote
>> server has the login info they could connect to VPN, Office365 or another
>> service that is using AD domain user info.
>> See attachment for example. I got the example from a VM with a test
>> account on it.
>>
>> *Details:*
>> Microsoft-based browsers like IE and Edge can be induced to make an
>> outbound SMB connection to a remote server. In this connection Microsoft
>> will send over username, domain, and password hash. The remote server then
>> can do a decryption of the password hash using brute force, password,
>> dictionary and rainbow tables.
>>
>> *Fix:*
>> The fastest way to stop this is to block all of the SMB network ports on
>> the edge firewall for incoming and outgoing. The ports are 137-138 udp,
>> 137 tcp, 139 tcp, 445 tcp
>>
>> *Sources:*
>> http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
>> *Testing site*:
>> https://msleak.perfect-privacy.com/
>>
>> --
>> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>> My website <http://zachunderwood.me>
>> advance-networking.com
>>
>
>
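
An added example, not part of any message in this thread: a check that an edge firewall's rule set covers every port/protocol pair listed in the quoted "Fix" paragraph. It assumes a Linux router whose `iptables-save` output is available and whose FORWARD chain carries customer traffic in both directions; the thread does not name a firewall platform, and the sample rules are constructed.

```python
# Added example: audit `iptables-save` output against the port list in the post.
# Pairs from the "Fix" paragraph: 137-138/udp, 137/tcp, 139/tcp, 445/tcp.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 137), ("tcp", 139), ("tcp", 445)}

# Flags a rule may carry and still apply to all forwarded traffic in both
# directions. Anything else (-s, -d, -i, -o, --ctstate, ...) narrows the rule,
# so such rules are ignored here (an assumption of this example).
UNSCOPED_FLAGS = {"-A", "-p", "-m", "--dport", "--dports", "-j", "--reject-with"}

# Constructed sample rule set, not taken from the thread.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 445 -j DROP
-A FORWARD -p udp -m udp --dport 137:138 -j DROP
-A FORWARD -p tcp -m multiport --dports 139,8080 -j REJECT --reject-with tcp-reset
-A FORWARD -s 10.0.0.0/8 -p tcp -m tcp --dport 137 -j DROP
-A INPUT -p tcp -m tcp --dport 137 -j DROP
COMMIT
"""

def expand(spec):
    """Turn '139,8080' or '137:138' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unblocked(rules_text, chain="FORWARD"):
    """Return the SMB (proto, port) pairs the chain does not drop or reject."""
    verdict = {}  # (proto, port) -> target of the first unscoped matching rule
    for line in rules_text.splitlines():
        tok = line.split()
        flags = {t for t in tok if t.startswith("-")}
        if tok[:2] != ["-A", chain] or "!" in tok or flags - UNSCOPED_FLAGS:
            continue
        opts = dict(zip(tok, tok[1:]))  # each flag mapped to its argument
        protos = [opts["-p"]] if "-p" in opts else ["tcp", "udp"]
        spec = opts.get("--dport") or opts.get("--dports")
        ports = expand(spec) if spec else {port for _, port in SMB_PORTS}
        for proto in protos:
            for port in ports:
                verdict.setdefault((proto, port), opts.get("-j"))  # first match wins
    return sorted(p for p in SMB_PORTS if verdict.get(p) not in ("DROP", "REJECT"))

if __name__ == "__main__":
    for proto, port in unblocked(SAMPLE_RULES):
        print(f"not blocked in FORWARD: {port}/{proto}")
```

On the sample, 137/tcp is reported because its only FORWARD rule is limited to one source range, and the INPUT rule does not apply to forwarded traffic.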
