I am a firm believer in the stance that as your ISP, I am not your
mommy. We did no filtering or firewalling for our customers. The only
exception being the blocking of certain traffic that had no business
being on the open Internet. This is one of those things.
On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter <rich...@mesh.net
<mailto:rich...@mesh.net>> wrote:
We block, have for years and years..
Richard Strittmatter
*From:*Af [mailto:af-boun...@afmug.com
<mailto:af-boun...@afmug.com>] *On Behalf Of *Mike Hammett
*Sent:* Monday, September 19, 2016 11:59 AM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] everyone should be blocking SMB ports
Yes, block.
-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>
<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
------------------------------------------------------------------------
*From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com
<mailto:thatoneguyst...@gmail.com>>
*To: *af@afmug.com <mailto:af@afmug.com>
*Sent: *Monday, September 19, 2016 11:57:44 AM
*Subject: *Re: [AFMUG] everyone should be blocking SMB ports
Whats the WISP consensus on blocking those ports at the edge?
also, whats the best religion? if Ford or Chevy better? Whats the
greatest sports team?
On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood
<zunder1...@gmail.com <mailto:zunder1...@gmail.com>> wrote:
My work has its own IP address and get upstream from atnt and
charter. The smb ports are not blocked.
Zach Underwood (RHCE,RHCSA,RHCT,UACA)
http://ZachUnderwood.me
advance-networking.com <http://advance-networking.com>
On Sep 19, 2016 12:47 PM, "Josh Luthman"
<j...@imaginenetworksllc.com
<mailto:j...@imaginenetworksllc.com>> wrote:
Cable/Telco probably.
WISP? I dunno...
Josh Luthman
Office: 937-552-2340 <tel:937-552-2340>
Direct: 937-552-2343 <tel:937-552-2343>
1100 Wayne St
Suite 1337
Troy, OH 45373
On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett
<af...@zirkel.us <mailto:af...@zirkel.us>> wrote:
i think everyone has been blocking those ports since
1998-ish (or at least you should be)
-sean
On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood
<zunder1...@gmail.com <mailto:zunder1...@gmail.com>>
wrote:
This was written from the view point of windows
AD setup can affect home users too since MS
makes people use MS live accounts to log in to
windows.
**
*Problem:*
Outside servers can get username/domain/password
hash. Once a remote server has the login info
they could connect to VPN, Office365 or an other
service that using AD domain user info.
See attachment for example. I got the example
from a VM with a test account on it.
*Details:*
Microsoft based browsers like IE and Edge can be
induced to make a outbound smb connection to a
remote server. In this connection Microsoft will
send over username, domain, and password hash.
The remote server then can do a decryption of the
password hash using brute force, password,
dictionary and rainbow tables.
*Fix:*
The fastest way to stop this is to block all of
the smb networks ports on the edge firewall for
incoming and outgoing. The ports are 137-138udp,
137tcp,139tcp, 445tcp
*Sources:*
http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
*Testing site*:
https://msleak.perfect-privacy.com/
--
Zach Underwood (RHCE,RHCSA,RHCT,UACA)
My website <http://zachunderwood.me>
advance-networking.com
<http://advance-networking.com>
--
If you only see yourself as part of the team but you don't see
your team as part of yourself you have already failed as part of
the team.