My work has its own IP address and gets upstream from AT&T and Charter. The
SMB ports are not blocked.
Zach Underwood (RHCE,RHCSA,RHCT,UACA)
On Sep 19, 2016 12:47 PM, "Josh Luthman" <j...@imaginenetworksllc.com> wrote:
> Cable/Telco probably.
> WISP? I dunno...
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett <af...@zirkel.us> wrote:
>> I think everyone has been blocking those ports since 1998-ish (or at
>> least you should be)
>> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood <zunder1...@gmail.com> wrote:
>>> This was written from the viewpoint of a Windows AD setup but can affect home
>>> users too, since MS makes people use MS Live accounts to log in to Windows.
>>> Outside servers can get the username/domain/password hash. Once a remote
>>> server has the login info, they could connect to VPN, Office365 or another
>>> service that is using AD domain user info.
>>> See attachment for example. I got the example from a VM with a test
>>> account on it.
>>> Microsoft-based browsers like IE and Edge can be induced to make an
>>> outbound SMB connection to a remote server. In this connection Microsoft
>>> will send over the username, domain, and password hash. The remote server then
>>> can do a decryption of the password hash using brute force, password,
>>> dictionary and rainbow tables.
>>> The fastest way to stop this is to block all of the SMB network ports
>>> on the edge firewall for incoming and outgoing. The ports are 137-138udp,
>>> 137tcp, 139tcp, 445tcp
>>> *Testing site*:
>>> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>>> My website <http://zachunderwood.me>
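
Added example, not part of the thread: a Python check over edge-firewall flow logs for the outbound SMB connections the original message describes, using the ports it lists. The log format, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Ports listed in the thread: 137-138/udp, 137/tcp, 139/tcp, 445/tcp.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 137), ("tcp", 139), ("tcp", 445)}

# Assumption: the site's internal address space is RFC 1918 only.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: "timestamp src dst proto dport action".
SAMPLE_FLOWS = """\
2016-09-19T12:01:07 10.1.4.22 203.0.113.50 tcp 445 allow
2016-09-19T12:01:09 10.1.4.22 10.1.0.5 tcp 445 allow
2016-09-19T12:02:11 10.1.7.90 198.51.100.7 tcp 139 deny
2016-09-19T12:02:30 10.1.7.90 198.51.100.7 tcp 443 allow
2016-09-19T12:03:02 10.1.9.14 203.0.113.50 udp 137 allow
malformed line
"""

def external_smb_flows(text, internal=INTERNAL_NETS):
    """Return flows from an internal host to an external address on an SMB port."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip records that do not match the assumed format
        ts, src, dst, proto, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if (proto.lower(), port) not in SMB_PORTS:
            continue
        src_in = any(src_ip in n for n in internal)
        dst_in = any(dst_ip in n for n in internal)
        if src_in and not dst_in:
            hits.append((ts, src, dst, proto.lower(), port, action))
    return hits

def leaking_hosts(hits):
    """Internal hosts whose outbound SMB traffic was allowed through the edge."""
    return sorted({h[1] for h in hits if h[5] == "allow"})

if __name__ == "__main__":
    flows = external_smb_flows(SAMPLE_FLOWS)
    for f in flows:
        print(*f)
    print("hosts with allowed outbound SMB:", leaking_hosts(flows))
```

Hosts reported by `leaking_hosts` reached an external server on an SMB port, so their account passwords are candidates for reset once the edge block is in place.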