I would hope anyone in their right mind is not allowing these ports at the
firewall level. (in or out the internet side) Anyone who has these ports
open on their firewall **right now** needs to do the following:
1) Remove resumes from all web sites
2) Immediately quit your job as a network admin/security guru
3) Go to McDonalds or Burger King and work grill area, getting nowhere near
the POS terminals.
Thomas
-----Original Message-----
From: D H [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 18, 2000 4:53 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Question about SANS "Dangerous Windows Flaw" advisory
Yesturday, SANS came out with a "Dangerous Windows Flaw" advisory (see
http://www.sans.org/newlook/resources/win_flaw.htm for details).
They recommend that you block outgoing Windows File Sharing at the firewall
by block outgoing traffic to ports UDP 138, UDP and TCP 139, and UDP and TCP
445.
udp 138 (predefined by CheckPoint as NB datagram)
tcp 139 (predefined by CheckPoint as NB session)
udp 139* (???NB Session Service???)
tcp and udp 445 (Microsoft-DS (DS=Directory Services?) not predefined)
I noticed that NB name is NOT included, but udp 139 is... Do you think they
meant to put UDP 137 (NB name) instead of UDP 139? (This way it would be the
group NBT + tcp/udp 445 for Directory Services.)
-- DH
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
