From: Raphael PAILLARD (raphael.paillardWANADOO.FR)
Date: Wed Apr 04 2001 - 11:41:05 CDT


    Hi,

    When you say edit "C:\WINNT\system32\drivers\etc\-anyfiles", for example
    "services", does it mean that it is possible to lock down a port with a simple "#"
    at the start of the line?

    If it's true, it's a very good way to secure an NT box! It's also not a
    popular way in NT's world.

    Regards,

    Raphaël
    ----- Original Message -----
    From: "James Carter" <jcarterGENUITY.NET>
    To: <FOCUS-MSSECURITYFOCUS.COM>
    Sent: Wednesday, April 04, 2001 1:53 AM
    Subject: Re: Windows 2000 Server Questions

    > -----BEGIN PGP SIGNED MESSAGE-----
    >
    > This is a bit of help.
    >
    > http://windowsupdate.microsoft.com/?IE
    >
    > This site will give you most of the updates you need and keep the
    > reboots to a minimum. However the security patches are another story.
    > Microsoft is a little slow on applying them to the windowsupdate
    > site.
    >
    > IE 5.5 Sp1 is recommended, and go to this site for regularly updated
    > patches as well as info.
    >
    > http://www.microsoft.com/technet/security/default.asp
    >
    > Particular note on the MIME vulnerability, and the necessity of
    > having the right version of IE installed. When you download the patch
    > it has 2 IE versions that you can select from, IE 5.01 sp1 and IE 5.5
    > sp 1; I recommend the latter of the 2. It should be painfully obvious
    > that this means these are the versions you should be running, but
    > since I have seen countless e-mails and bulletins flaming Microsoft
    > for their patch not working, I thought it best to bring it up.
    >
    > Also.....to manually lock down ports on the box please do this:
    >
    > Double Click 'My Computer' click 'Tools' Click 'Folder Options' click
    > the 'View' tab, enable display compressed files and folders with
    > alternate colors, display full path in address bar, display full path
    > in title bar, enable show hidden files and folders, disable hide file
    > extensions for known file types, disable hide protected operating
    > system files (you're gonna need this and can disable it when finished, which
    > is recommended, especially if you will have others messing with
    > stuff). Leave everything else like it is and click 'APPLY' then click
    > 'LIKE CURRENT FOLDER'. This will then propagate the same view to any
    > location you open up via a double click on my computer and browsing
    > down the file tree.
    >
    >
    > Now, for the meat of it. Browse down the file tree to:
    > C:\WINNT\system32\drivers\etc (this was copied and pasted because of
    > the ease of use brought upon by enabling some of the aforementioned
    > features)
    > here you will see files you will want to modify to lock down the
    > server at the port level.
    > Most specifically, 'protocol' and 'networks', these will open up
    > simply enough with 'notepad.exe'.
    >
    > This should help somewhat, good luck.
    >
    > - -----Original Message-----
    > From: Focus on Microsoft Mailing List
    > [mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Kyle Buehler
    > Sent: Monday, April 02, 2001 11:09 AM
    > To: FOCUS-MSSECURITYFOCUS.COM
    > Subject: Windows 2000 Server Questions
    >
    >
    > So here's the situation. I'm the "New IT Guys". There have been 3
    > before me, and I'm working on a Windows 2000 Server that has been
    > set up via a tag team of consultants. I'm not a Microsoftie by nature,
    > but I deal with it here and there and in Advanced Windows 2000 at
    > school. *joke* Nonetheless, I'm getting into it. Anyway, here's
    > some problems that are confusing me at the current moment ...
    >
    > 1. I did a security audit against the server using Nessus and it
    > came back with ports 34555/udp, 27444/udp, 18753/udp, and 10498/tcp
    > possibly running Trin00, Trin00, Shaft, and mstream respectively. I
    > ran a few nmap scans against it and did not find the port open.
    > netstat -an didn't yield any info either. I thought at first it was
    > just catching normal traffic , but multiple scans have come out the
    > same. Any idea what this could be? McAfee is up to date and running
    > full scans once a night, and research shows that it should catch all
    > the possible trojans.
    >
    > 2. Ports 6666 and 6667 are open also, but yield no warnings from
    > Nessus. I know we are not running an irc server, so is there any 2k
    > service that claims those ports? Again, netstat didn't show anything
    > useful.
    >
    > In my scan I found that only SP1 had been applied and the server
    > was in desperate need of netbios-ssn hotfixes since I'm not quite
    > sure whether I have a cracker on my tail or not. I downloaded the
    > required patches and applied them individually.
    >
    > 3. Is there a way to apply the patches without having to reboot
    > every time? This is a server that takes 5-10 minutes for a full cycle.
    > Once I applied the patches I ran my scans again and the "problem"
    > hadn't been fixed. Am I doing something wrong just running them?
    >
    > 4. Nessus found /_vti_bin/_vti_aut/dvwssr.dll ... I read up on this,
    > except I can't find it in the directory shown, and that file doesn't
    > come up by name in a find. Does it have another alias or counterpart?
    >
    > 5. The server is running Exchange, and it allows open relaying which
    > I am kind of concerned about. Currently the consultant is the one
    > working the Exchange Setup ( I plan to remedy that eventually), but
    > where can I get some info on configuring something like that. Just
    > looking at the Server Manager really looks like he got it working,
    > and didn't go any farther than that.
    >
    > Any help would be appreciated.
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
    >
    > iQEVAwUBOspie1Dumg0FbJxvAQFOAAf+NGGHaNM1EtOBitIYTCjQxwZP1Y2a6ZKC
    > 6OafAvyR+EG+Uk+45eHgsBM5RCfmFfwLUDOy/jFTKPO1Tuqfh467RuLOilzB9SRe
    > sVaf5TL3JRRjsZIGX/Tws0Cc1/RVE9gIZt1aEwN/thXSfbt89fZgVX4cHHeHIKT4
    > gMBf5O45YSW0Ms5u1LloImIhLcyhGq5ejNi+u1z7XmGdnXuNvK1dy11qoRhoAQE1
    > g0dAwMId5deNXjZlvgGypEQs8NN9u/4yhNdZwTXRtUkOK16ye652P5QGihwbXvVL
    > cRZhPboXSdIkhFnYo6OqMYG+RcAuPuSOnFGTYauDolByqefEgSsLkA==
    > =ib31
    > -----END PGP SIGNATURE-----
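For readers who want to see what a "#" in one of these files actually does, here is an added Python example; it is not part of the thread and not code from any of the posters. It parses a constructed sample written in the format of `%SystemRoot%\system32\drivers\etc\services` (`name  port/proto  [aliases]  [# comment]`) and then comments one entry out the way the thread suggests. That file is a name-to-port lookup table consulted by getservbyname()/getservbyport(); an entry prefixed with "#" disappears from that table, and that is all that changes: a process listening on the port keeps listening, so the edit renames nothing in the firewall sense. The sample file contents, the function names and the `comment_out` helper are assumptions made for this example.

```python
from typing import Dict, Optional, Tuple

# Constructed sample in the format of the Windows "services" file.
# It is NOT a copy of the real file; the "#ftp-data" line shows an entry
# that has already been commented out.
SAMPLE_SERVICES = """\
# constructed sample, not the real services file
echo                7/tcp
echo                7/udp
#ftp-data           20/tcp                          #FTP, data
ftp                 21/tcp
smtp                25/tcp    mail                  #Simple Mail Transfer Protocol
domain              53/tcp                          #Domain Name Server
domain              53/udp
http                80/tcp    www www-http          #World Wide Web
irc                 6667/tcp                        #Internet Relay Chat
"""

ServiceTable = Dict[Tuple[int, str], str]


def parse_services(text: str) -> ServiceTable:
    """Return {(port, proto): canonical_name} for every uncommented entry.

    Mirrors the resolver's view of the file: '#' starts a comment anywhere
    on a line, blank and malformed lines are ignored, aliases are dropped.
    """
    table: ServiceTable = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comment, incl. whole-line comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # malformed entry: skipped rather than trusted
        name, port_proto = fields[0], fields[1]
        port_str, proto = port_proto.split("/", 1)
        if not port_str.isdigit():
            continue
        table[(int(port_str), proto.lower())] = name
    return table


def service_name(table: ServiceTable, port: int, proto: str) -> Optional[str]:
    """Lookup by port/proto, the getservbyport() direction; None if absent."""
    return table.get((port, proto.lower()))


def comment_out(text: str, name: str) -> str:
    """Prefix '#' on every entry whose service name is `name`.

    This is the edit the thread describes. It removes the name mapping from
    the table and nothing else; it does not close a listening socket.
    """
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        if fields and fields[0] == name:
            out.append("#" + raw)
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    before = parse_services(SAMPLE_SERVICES)
    after = parse_services(comment_out(SAMPLE_SERVICES, "smtp"))
    print("25/tcp before:", service_name(before, 25, "tcp"))  # smtp
    print("25/tcp after: ", service_name(after, 25, "tcp"))   # None
    print("entries before/after:", len(before), len(after))   # 8 7
```

Running the block on the real file instead of the sample shows which names a "#" removes from the lookup table; anything that checks the listening state of a port (netstat -an, or a scanner as in the original question) is unaffected by that edit.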