wa_desert_rat Posted April 14, 2015

SMB is enabled by default in every Windows OS since at least Windows 97 (and some iterations of W95). It is how Microsoft envisioned file sharing before TCP/IP and when Novell was the big competitor in that area. A known vulnerability back in the day made MS create a work-around configuration fix that almost solved it. But now there are some new variations to the vulnerability that have caused it to rear its ugly head.

It is especially bad if you use Internet Explorer as your web browser! This is because iexplore.exe has some direct links to the registry that other browsers do not have and is part of the reason MS is coming out with a completely new browser.

So, having said this, if you block outgoing tcp packets to ports 139 and 445 you will pretty much stop this vulnerability. But if you use a VPN, blocking those ports at your router won't help. So just be aware of this. If your VPN endpoint allows tcp connections to ports 139 and 445 you could still be vulnerable.

Also, as you may have gathered, this vulnerability mostly affects networks. If you're on your laptop or a Windows tablet it's not that big of an issue. But block those ports if you can, anyway.

If you use Linux you probably aren't vulnerable even if you use Samba to share printers and files. But block the ports anyway unless you specifically need them.

Here's a link to the article:

http://www.csoonline.com/article/2908476/vulnerabilities/18-year-old-smb-vulnerability-resurfaces-dozens-of-vendors-affected.html?phint=newt%3Dcso_update&phint=idg_eid%3Dafbdce93df1132e5de07d306edf23bac#tk.CSONLE_nlt_update_2015-04-14

There is a long list of applications and utilities that are subject to this vulnerability at the end of this article. You should take a look at them.

WDR
1993 Foretravel U225 with Pacbrake and 5.9 Cummins with Banks
1999 Jeep Wrangler, 4" lift and 33" tires
Raspberry Pi Coach Computer
Ham Radio
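Added example, not part of the original thread: a small Python check of whether the outbound block on TCP 139 and 445 described in the post above actually holds from this machine; running it once with the VPN down and once with it up shows the VPN caveat. The target (a host outside your network that you control), the script name and the function names probe, check and block_holds are assumptions of this example.

```python
import errno
import socket
import sys

SMB_PORTS = (139, 445)  # the two TCP ports named in the post


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt from this machine."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # handshake completed: the traffic is leaving
    except socket.timeout:
        return "filtered"     # no answer at all: consistent with a drop rule
    except ConnectionRefusedError:
        return "refused"      # a reset came back, from the target or a firewall
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # ICMP reject or no route
        raise                 # e.g. name resolution failure: not a verdict
    finally:
        sock.close()


def check(host, ports=SMB_PORTS, timeout=3.0):
    """Probe each port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def block_holds(results):
    """True only if every port was silently dropped or rejected as unreachable.

    "refused" is ambiguous (a closed port on the target looks the same as a
    firewall that rejects with a reset), so it does not count as proof.
    """
    return all(state in ("filtered", "unreachable") for state in results.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: smb_egress_check.py <host-you-control>")  # hypothetical name
    results = check(sys.argv[1])
    for port, state in results.items():
        print(f"tcp/{port}: {state}")
    print("block confirmed" if block_holds(results) else "block NOT confirmed")
```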
StarDreamers.us Posted April 15, 2015

Thanks for sharing.

Safe Travels!
SKP #89742 - Lifetime membership - Member of the SKP Class of 2007
Good Sam Club - Lifetime Member
DataStorm #5423
Passport America - Lifetime Member
Sons Of The American Revolution (SAR) - Lifetime Member
American Legion - USAF - Lifetime Member
Rotary Club Member - 30 years
Escapee CARE Supporter
National Wildlife Refuge Volunteer
SpaceNorman Posted April 22, 2015

> ... if you block outgoing tcp packets to ports 139 and 445 you will pretty much stop this vulnerability. But if you use a VPN, blocking those ports at your router won't help. So just be aware of this. If your VPN endpoint allows tcp connections to ports 139 and 445 you could still be vulnerable.

Blocking port #445 will be a problem if any of the applications you work with need to interface with Active Directory.

The Spacenorman
2012 Holiday Rambler Endeavor 43' DFT
2012 Jeep Liberty
Our Travel Website: www.penquinhead.com
wa_desert_rat Posted April 22, 2015

> Blocking port #445 will be a problem if any of the applications you work with need to interface with Active Directory.

Blocking port 445 at the edge router shouldn't be an issue. No one should be using Netbios across the Internet unless it's in a VPN anyway.

WDR
1993 Foretravel U225 with Pacbrake and 5.9 Cummins with Banks
1999 Jeep Wrangler, 4" lift and 33" tires
Raspberry Pi Coach Computer
Ham Radio
Archived
This topic is now archived and is closed to further replies.