heh.. hrm.. youz guyz better block those ports
-----Original Message-----
From: Paul Cardon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 18, 2000 4:57 PM
To: D H
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] Question about SANS "Dangerous Windows Flaw" advisory
D H wrote:
>
> Yesterday, SANS came out with a "Dangerous Windows Flaw" advisory (see
> http://www.sans.org/newlook/resources/win_flaw.htm for details).
>
> They recommend that you block outgoing Windows File Sharing at the firewall
> by blocking outgoing traffic to ports UDP 138, UDP and TCP 139, and UDP and
> TCP 445.
>
> udp 138 (predefined by CheckPoint as NB datagram)
> tcp 139 (predefined by CheckPoint as NB session)
> udp 139* (???NB Session Service???)
> tcp and udp 445 (Microsoft-DS (DS=Directory Services?) not predefined)
>
> I noticed that NB name is NOT included, but udp 139 is... Do you think they
> meant to put UDP 137 (NB name) instead of UDP 139? (This way it would be the
> group NBT + tcp/udp 445 for Directory Services.)
No. File sharing occurs over the ports they listed.
-paul
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================