Actually, that was a great link... I think that a Windows version of DCETEST is more of what I'm looking for, though. I'll search around for it, but in the meantime I have our local Unix-head working on the version posted there.
Thanks again,
-Aaron

-----Original Message-----
From: JD [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 14, 2001 3:42 PM
To: Aaron Kennedy
Subject: Re: Specific vulnerabilities

Most of what I've seen are Denial of Service attacks as opposed to actually getting in.... Having said that, I have to believe that more can be done.

http://www.atstake.com/research/tools/

Try NBTDUMP from the above page and see what you can pull from outside your firewall. I have everything blocked off so I can't give you any idea on what will come up or if it will even work. This tool gives you a list of accounts among other things... I'm betting that some brute force work or cracking tools will get someone in if this tool works.

Good luck!
-james

Take what you like and leave the rest.

----- Original Message -----
From: "Aaron Kennedy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 14, 2001 1:53 PM
Subject: Specific vulnerabilities

All,

I'm sort of barging into the list here as I haven't really even had much of a chance to lurk yet, but I'm looking for an answer to a specific problem and hope I could get some definitive answers.

A client of ours had an MS Exchange 5.5 server. A few of the executives travel frequently and their previous IT support guy had set up their firewall to pass traffic directly through to the Exchange server (port 135, plus the static ports as set in the registry). They liked this solution because they said it was much faster than VPN for accessing their email.

We have supported this company for more than a year now, and they have since been upgraded to Exchange 2k. I tried to take this opportunity to force the executives to a VPN solution, as it made me nervous to open those ports on the firewall (especially 135), but they said the performance simply wasn't what they wanted, and the extra step of authenticating through the VPN first was too much trouble... (Comments not needed on that... I hear everyone's pain, but my hands are tied. I've tried... really.)

That being said, they are generally a reasonable lot and would be willing to change if it was shown that there was a credible security risk. The problem is I cannot seem to locate any specific vulnerabilities which are opened by allowing traffic over ports 135, 1026 (for authentication) and the 3 preset static ports for the Exchange services. The other problem is that because the users are mobile and are using a number of different internet connections, I can't feasibly restrict incoming traffic on those ports to certain addresses or subnets.

Can anyone offer some definitive "this is bad because" points, or offer what kind of information or risk there is in keeping port 135 open?

Much appreciated.
-Aaron

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
