Tuesday, November 09, 2004

Remember TCP 139 or 445

As told before you have to filter these ports.Maybe most of you done by now.But you have solved outside attacks to SMB by filtering on your gateway(router).But what about inside attackers! or dial-up clients who reside inside of your network?
... SMB (Microsoft Server Message Block) which forms the basis of Windows File and Print Sharing is accessible via APIs that can return rich information about windows even to UNAUTHENTICATED users!I have no decide to learn this and you won't see in my entire weblog at all but you should to know anti-attack method.This is a way that I tell to you.
Any way, Do the following:
- For WindowsNT 4.0 and earlier:
1. Open regedt32 and nevigate to HKLM\SYSTEM\CurrentControlSet\Control\LSA
2. Choose Edit Add Value and enter the following data:
Value Name: RestrictAnonymous
Data Type: Reg_DWORD
Value: 1
3. Exit & Restart.
- For Windows2000/XP/.NET:
On the "Security Policy", set for "Additional restrictions for anonymous permissions" to "No access Without Explicit Anonymous Permissions".
There are more configuration for XP/.NET that will tell later.

No comments: