Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Win2KSecurity Advice> 1999-q4

NTSecAdvice Archives: Re: Netbios and Nessus

Re: Netbios and Nessus

John Howie (JHowieMSN.COM)
Tue, 9 Nov 1999 09:28:16 -0800

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Steve Manzuik: "Administrative Notice - November 9, 1999"
Previous message: Bernard Bisuna: "InterScan VirusWall 3.23/3.3 Buffer Overflow"
Next in thread: NeuRomanCer: "Re: Netbios and Nessus"

Troy,

If you do not make disk or printer shares available from your machine: stop the Server service.

john...

  ----- Original Message -----
  From: Troy A. Parvatton
  To: WIN2KSECADVICELISTSERV.NTSECURITY.NET
  Sent: Tuesday, November 09, 1999 8:34 AM
  Subject: Netbios and Nessus

After running the Nessus security scanner ( http://www.nessus.org ) against my NT 4.0 Server (I mostly use it as a workstation) machine some information was returned that I am concerned about. Netbios revealed my computer name, workgroup name and username currently logged in. Nessus was able to tell me what OS I was running and in complained about having predictable TCP sequence #'s. Anyway, unlike the more serious security holes that are discussed on this list, this is just some small info that could possibly assist an attacker, so it concerns me.

I removed the Netbios Interface service (didn't need it) which solved the first problem I listed above. Why is the netbios-ssn still listening on port 139? How can I stop my OS from identifying itself to a Nessus security scan?

  ------------------------------------------------------------------------------------------------------------------------------------------------------------------
  - general/tcp INFO QueSO has found out that the remote host OS is * WindowsNT, Cisco 11.2(10a), HP/3000 DTC, BayStack Switch
  ------------------------------------------------------------------------------------------------------------------------------------------------------------------

  Yeah!! I have a lot to learn about NT and NT security, but while I continue that battle I would appreciate it if anyone could answer my questions.


  Regards,

  Troy A. Parvatton
  ---------------------------------------------------------------------------------------------------
  I'm not paranoid. That is just something my enemies say about me.
  ---------------------------------------------------------------------------------------------------

Next message: Steve Manzuik: "Administrative Notice - November 9, 1999"
Previous message: Bernard Bisuna: "InterScan VirusWall 3.23/3.3 Buffer Overflow"
Next in thread: NeuRomanCer: "Re: Netbios and Nessus"

This archive was generated by hypermail 2.0b3 on Tue Nov 09 1999 - 12:16:19 CST