Okay, I'm prepared to look stupid.
Why would the layout require an exposed NBT server? My naïve visualisation
was of packets going out from happyinternalhost.com to tcp/udp 138/139 on
suspicious.bigbadinternet.com. The packets would be allowed out by the
firewall, the response would come back, get cleared (established traffic)
and the session would be established.
The internal hosts would need some entry to map the NB to IP addresses, but
couldn't an internal WINS server or LMHOSTS file take care of that?
This would not allow happyinternalhost to share any of its own files with
suspicious though.
I mean it's crappy in terms of man-in-the-middle, but that's suspicious's
problem, not ours. It's our passwords for _their_ network that are on the
wire. Unless we're using the internal usernames and passwords, which is
potentially bad. And M-I-M could be low risk if they own the wire in
between.
I'm not sure it's how _I'd_ do it, but I can't see how it's as drastic as
having people able to connect to NB ports on your local network.
So anyway, what did I miss, Chris?
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
-----Original Message-----
From: cbrenton [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, April 08, 1999 3:34 AM
To: pdmallya
Cc: [EMAIL PROTECTED]
Subject: Re: Netbios
On Wed, 7 Apr 1999, pdmallya wrote:
> A department in my company wants to permit PC's in our network to access
> files in machines on an external network using Netbios file-sharing.
A couple of things to consider:
1) You have an exposed NBT server outside the firewall.
2) This server must have valid account information for internal users.
3) Most likely logon names and passwords will match your internal systems.
4) You will have an LMHOSTS file or WINS entry that identifies internal systems.
5) If the exposed system allows null connections, a list of valid users can be pulled anonymously.
6) If I compromise the external system, I may be able to install sniffer/trojan software which will monitor outbound activities.
I'm sure others will come up with more, but I'm running late for a
meeting. ;)
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
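The flow Ben describes (an internal host opening sessions to tcp/udp 137-139 on an outside host) is one a firewall administrator can audit for in the logs, which is the practical check behind Chris's list. The Python below is an added example, not code from anyone in this thread; the log line format and the sample lines are constructed for it, and "internal" is taken to mean RFC 1918 address space.

```python
import ipaddress
import re

# Ports used by NetBIOS over TCP/IP (NBT): name (137), datagram (138), session (139).
NBT_PORTS = {137, 138, 139}
# "Internal" here means RFC 1918 space; anything else counts as the outside world.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log line format, constructed for this example (not any real product's format):
# "<allow|deny> proto=<tcp|udp> src=<ip>:<port> dst=<ip>:<port>"
LINE_RE = re.compile(
    r"^(?P<action>allow|deny) proto=(?P<proto>tcp|udp) "
    r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def is_outbound_nbt(rec):
    """True when an internal host talks to an NBT port on an outside host,
    i.e. the outbound file-sharing flow the thread discusses."""
    return is_internal(rec["src"]) and not is_internal(rec["dst"]) and rec["dport"] in NBT_PORTS

def find_outbound_nbt(lines):
    """Return (dst_ip, proto, dport) for every permitted outbound NBT session."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "allow" and is_outbound_nbt(rec):
            hits.append((rec["dst"], rec["proto"], rec["dport"]))
    return hits

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = [
    "allow proto=tcp src=10.1.2.3:1045 dst=203.0.113.10:139",
    "allow proto=udp src=10.1.2.3:138 dst=203.0.113.10:138",
    "allow proto=tcp src=10.1.2.3:1046 dst=10.1.2.20:139",    # internal share
    "deny proto=tcp src=198.51.100.7:4444 dst=10.1.2.3:139",  # inbound, blocked
    "allow proto=tcp src=10.1.2.3:1047 dst=203.0.113.10:80",  # plain web traffic
    "not a log line",
]
```

Running `find_outbound_nbt(SAMPLE_LOG)` returns only the two sessions to the outside host on 139/tcp and 138/udp; the internal share, the blocked inbound attempt and the web traffic are not reported.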