No, you're just not sending the right initalization for starting a WINS
transaction and it's dropping the conneciton, or it's timing out. M$ has
no clue about security and I severly doubt this is the case.
They're just having it send a RST when you send crap to the port.
Go try this with netcat.
-john
On Wed, 8 Mar 2000, Ron DuFresne wrote:
>
> seems M$ got that partly right then, even on windows <now that they
> patched a few parts of the tcp/ip stack and the Os a tad>, for try
> telnetting to like 137, 138, or 139 on a windows box and tossing crap at
> it.
>
> darkstar:/etc/ppp# telnet s2.dial13.new.nac.net 139
> Trying 209.123.99.102...
> Connected to s2.dial13.new.nac.net.
> Escape character is '^]'.
>
> ��Connection closed by foreign host.
>
> Why would this be such a tough thing for a firewall or more specially for
> a REAL proxy rather then a mere tunnel?
>
> Thanks,
>
> Ron DuFresne
>
> On Wed, 8 Mar 2000, John Adams wrote:
>
> > On Wed, 8 Mar 2000, Ng, Kenneth (US) wrote:
> >
> > > You want the truth? I caught one major firewall vendor in a big lie over
> > > this one. Their so called proxy was nothing more than a transparent
> > > connection, yet when I asked them if I put a telnet daemon on another
> >
> > Very few firewalls actually check that the protocol travelling over a
> > particular port -really is- what the port is supposed to be used for.
> >
> > Anyhow, I see this as an easily spoofable scenario, and building a
> > firewall to do protocol analysis would also have to support resetting the
> > connection if the protocol should ever deviate from the established norm.
> > It seems like this would be an incredible amount of work for the firewall
> > to do on each packet, as it would now have to maintain state for each
> > conversation (per protocol).
> >
> > Consider this, an inside employee sets up an ftp server on port 80 of
> > their home machine, and you don't want anyone using ftp because they might
> > ftp out your super seekrit widget plans. You say that outbound port 80
> > should only be web, but I blast a bunch of packets before my ftp
> > connection setup to fool the firewall (even better, I just forget the
> > whole FTP thing and perform an HTTP PUT...)
> >
> > IMHO, It's just too complex and not a real solution to security.
> >
> > -john
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
