What's the WISP consensus on blocking those ports at the edge? Also, what's
the best religion? Is Ford or Chevy better? What's the greatest sports team?

On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood <zunder1...@gmail.com>
wrote:

> My work has its own IP address and gets upstream from AT&T and Charter. The
> SMB ports are not blocked.
>
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>
> http://ZachUnderwood.me
>
> advance-networking.com
>
>
>
> On Sep 19, 2016 12:47 PM, "Josh Luthman" <j...@imaginenetworksllc.com>
> wrote:
>
>> Cable/Telco probably.
>>
>> WISP?  I dunno...
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett <af...@zirkel.us> wrote:
>>
>>> I think everyone has been blocking those ports since 1998-ish (or at
>>> least you should be)
>>>
>>> -sean
>>>
>>>
>>> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood <zunder1...@gmail.com>
>>> wrote:
>>>
>>>> This was written from the viewpoint of a Windows AD setup but can affect
>>>> home users too, since MS makes people use MS Live accounts to log in to
>>>> Windows.
>>>>
>>>> *Problem:*
>>>> Outside servers can get username/domain/password hash. Once a remote
>>>> server has the login info they could connect to VPN, Office365 or another
>>>> service that uses AD domain user info.
>>>> See attachment for example. I got the example from a VM with a test
>>>> account on it.
>>>>
>>>> *Details:*
>>>> Microsoft-based browsers like IE and Edge can be induced to make an
>>>> outbound SMB connection to a remote server. In this connection Microsoft
>>>> will send over username, domain, and password hash. The remote server then
>>>> can do a decryption of the password hash using brute force, password,
>>>> dictionary and rainbow tables.
>>>>
>>>> *Fix:*
>>>> The fastest way to stop this is to block all of the SMB network ports
>>>> on the edge firewall for incoming and outgoing. The ports are 137-138udp,
>>>> 137tcp, 139tcp, 445tcp
>>>>
>>>> *Sources:*
>>>> http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
>>>> *Testing site*:
>>>> https://msleak.perfect-privacy.com/
>>>>
>>>> --
>>>> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>>>> My website <http://zachunderwood.me>
>>>> advance-networking.com
>>>>
>>>
>>>
>>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.
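
An added example, not part of any message in this thread: a small Python check that reads `iptables-save` output and lists which of the SMB ports from the quoted "Fix" section are still forwarded, per direction. The interface name `wan0`, the sample ruleset and the function names are assumptions made for illustration; the check looks only at destination-port rules in the FORWARD chain.

```python
import re

# Ports from the post's "Fix" section: 137-138/udp, 137/tcp, 139/tcp, 445/tcp.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 137), ("tcp", 139), ("tcp", 445)}
WAN_IF = "wan0"  # assumption: name of the upstream-facing interface

# Constructed sample in iptables-save format. It drops 445/tcp both ways,
# covers the NetBIOS ports inbound only, and has an ACCEPT shadowing a DROP.
SAMPLE_RULES = """\
-A FORWARD -p tcp -m tcp --dport 445 -j DROP
-A FORWARD -i wan0 -p udp -m multiport --dports 137:138 -j DROP
-A FORWARD -i wan0 -p tcp -m multiport --dports 137,139 -j DROP
-A FORWARD -o wan0 -p tcp -m tcp --dport 139 -j ACCEPT
-A FORWARD -o wan0 -p tcp -m multiport --dports 137,139 -j DROP
"""

def expand_ports(spec):
    """Turn '137,139' or '137:138' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def missing_blocks(rules_text, wan_if=WAN_IF):
    """Return sorted (direction, proto, port) tuples the FORWARD chain does not drop."""
    verdict = {}  # first matching rule wins, as in iptables
    for line in rules_text.splitlines():
        m = re.search(r"-p (tcp|udp)\b.*--dports? (\S+).*-j (\w+)", line)
        if not line.startswith("-A FORWARD") or not m:
            continue
        proto, spec, target = m.groups()
        dirs = {"in", "out"}          # no interface match: applies both ways
        if f"-i {wan_if}" in line:
            dirs = {"in"}             # arriving from upstream
        elif f"-o {wan_if}" in line:
            dirs = {"out"}            # leaving toward upstream
        for port in expand_ports(spec):
            for d in dirs:
                verdict.setdefault((d, proto, port), target)
    wanted = {(d, p, n) for d in ("in", "out") for p, n in SMB_PORTS}
    return sorted(k for k in wanted if verdict.get(k) not in ("DROP", "REJECT"))

if __name__ == "__main__":
    for direction, proto, port in missing_blocks(SAMPLE_RULES):
        print(f"not blocked: {direction}bound {port}/{proto}")
```

On the constructed sample it reports outbound 139/tcp (the earlier ACCEPT wins over the later DROP) and outbound 137-138/udp as still open.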
