My work has its own IP address and gets upstream from AT&T and Charter. The
SMB ports are not blocked.

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

http://ZachUnderwood.me

advance-networking.com



On Sep 19, 2016 12:47 PM, "Josh Luthman" <j...@imaginenetworksllc.com>
wrote:

> Cable/Telco probably.
>
> WISP?  I dunno...
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett <af...@zirkel.us> wrote:
>
>> I think everyone has been blocking those ports since 1998-ish (or at
>> least you should be)
>>
>> -sean
>>
>>
>> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood <zunder1...@gmail.com>
>> wrote:
>>
>>> This was written from the viewpoint of a Windows AD setup, but it can affect home
>>> users too, since MS makes people use MS Live accounts to log in to Windows.
>>>
>>> *Problem:*
>>> Outside servers can get the username/domain/password hash. Once a remote
>>> server has the login info, they could connect to VPN, Office365 or another
>>> service that is using AD domain user info.
>>> See attachment for example. I got the example from a VM with a test
>>> account on it.
>>>
>>> *Details:*
>>> Microsoft-based browsers like IE and Edge can be induced to make an
>>> outbound SMB connection to a remote server. In this connection Microsoft
>>> will send over username, domain, and password hash. The remote server then
>>> can do a decryption of the password hash using brute force, password,
>>> dictionary and rainbow tables.
>>>
>>> *Fix:*
>>> The fastest way to stop this is to block all of the SMB network ports
>>> on the edge firewall for incoming and outgoing. The ports are 137-138 UDP,
>>> 137 TCP, 139 TCP, 445 TCP.
>>>
>>> *Sources:*
>>> http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
>>> *Testing site*:
>>> https://msleak.perfect-privacy.com/
>>>
>>> --
>>> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>>> My website <http://zachunderwood.me>
>>> advance-networking.com
>>>
>>
>>
>
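
An added example, not part of the thread: one way to check that the edge block described in the Fix section is actually in effect, by scanning flow records for SMB traffic leaving the network on the listed ports. The log format, the RFC 1918 internal ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports exactly as listed in the post's "Fix" section.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 137), ("tcp", 139), ("tcp", 445)}

# Assumption: the internal network uses RFC 1918 space; adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real traffic): time src dst proto dport action
SAMPLE_FLOWS = """\
2016-09-19T10:22:01 10.0.5.21 203.0.113.50 tcp 445 ACCEPT
2016-09-19T10:22:03 10.0.5.21 10.0.1.10 tcp 445 ACCEPT
2016-09-19T10:23:40 10.0.5.34 198.51.100.7 tcp 139 DROP
2016-09-19T10:24:12 10.0.5.34 198.51.100.7 tcp 443 ACCEPT
2016-09-19T10:25:00 10.0.7.2 203.0.113.50 udp 137 ACCEPT
malformed line here
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on unparsable input
    return any(ip in net for net in INTERNAL_NETS)

def smb_egress(flow_text):
    """Map each internal host to the SMB flows it sent outside the network,
    split by whether the edge firewall allowed or blocked them."""
    report = defaultdict(lambda: {"allowed": [], "blocked": []})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        _, src, dst, proto, dport, action = fields
        try:
            if not is_internal(src) or is_internal(dst):
                continue  # only traffic crossing the edge outbound matters here
            key = (proto.lower(), int(dport))
        except ValueError:
            continue  # bad address or port field
        if key in SMB_PORTS:
            bucket = "allowed" if action.upper() == "ACCEPT" else "blocked"
            report[src][bucket].append((dst, *key))
    return dict(report)

if __name__ == "__main__":
    for host, hits in sorted(smb_egress(SAMPLE_FLOWS).items()):
        print(host, "ALLOWED:", hits["allowed"], "BLOCKED:", hits["blocked"])
```

Any host listed under "allowed" means the edge rule is missing or bypassed for that path; hosts under "blocked" are still attempting outbound SMB and are worth checking for what induced the connection.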
