Cable/Telco probably. WISP? I dunno...
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett <[email protected]> wrote:

> I think everyone has been blocking those ports since 1998-ish (or at least
> you should be)
>
> -sean
>
>
> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood <[email protected]>
> wrote:
>
>> This was written from the viewpoint of a Windows AD setup, but it can affect home
>> users too, since MS makes people use MS Live accounts to log in to Windows.
>>
>> *Problem:*
>> Outside servers can get username/domain/password hash. Once a remote
>> server has the login info they could connect to VPN, Office365 or another
>> service that uses AD domain user info.
>> See attachment for example. I got the example from a VM with a test
>> account on it.
>>
>> *Details:*
>> Microsoft-based browsers like IE and Edge can be induced to make an
>> outbound SMB connection to a remote server. In this connection Microsoft
>> will send over username, domain, and password hash. The remote server then
>> can do a decryption of the password hash using brute force, password,
>> dictionary and rainbow tables.
>>
>> *Fix:*
>> The fastest way to stop this is to block all of the SMB network ports on
>> the edge firewall for incoming and outgoing. The ports are 137-138udp,
>> 137tcp, 139tcp, 445tcp
>>
>> *Sources:*
>> http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
>> *Testing site*:
>> https://msleak.perfect-privacy.com/
>>
>> --
>> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>> My website <http://zachunderwood.me>
>> advance-networking.com
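A check for the fix described in the quoted post, added here as an example and not part of the thread: it scans flow records for traffic on the listed SMB ports that crosses the network edge in either direction and reports what the firewall did not drop. The record format, the internal address ranges and the sample records are assumptions constructed for the illustration.

```python
import ipaddress

# Ports named in the post: 137-138/udp, 137/tcp, 139/tcp, 445/tcp.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 137), ("tcp", 139), ("tcp", 445)}

# Assumption: the operator's internal address space (RFC 1918 here).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: proto src_ip dst_ip dst_port action
SAMPLE_FLOWS = """\
tcp 10.20.0.15 198.51.100.7 445 allow
tcp 10.20.0.15 10.20.0.2 445 allow
udp 10.20.0.31 203.0.113.9 137 drop
tcp 10.20.0.31 203.0.113.9 443 allow
tcp 198.51.100.7 10.20.0.15 139 allow
"""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def edge_smb_flows(text):
    """Return SMB flows that cross the edge, in either direction."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip blank or malformed records
        proto, src, dst, port, action = parts
        if (proto, int(port)) not in SMB_PORTS:
            continue
        src_in, dst_in = is_internal(src), is_internal(dst)
        if src_in == dst_in:
            continue  # LAN-to-LAN or pure transit: not an edge crossing
        direction = "outbound" if src_in else "inbound"
        findings.append((direction, proto, src, dst, int(port), action))
    return findings


def unblocked(findings):
    """Edge-crossing SMB flows the firewall did not drop."""
    return [f for f in findings if f[5] != "drop"]


if __name__ == "__main__":
    for f in unblocked(edge_smb_flows(SAMPLE_FLOWS)):
        print("NOT BLOCKED:", *f)
```

Internal ranges are listed explicitly rather than derived from `ipaddress`'s `is_private`, which also returns true for the documentation ranges used as the external hosts in the sample.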
