Subject: Re: W2K Pro ICS/NAT
From: H C (carvdawgPATRIOT.NET)
Date: Thu Aug 10 2000 - 21:24:34 CDT


Go with Dave's suggestion. GNIT is just the nbtstat and net use commands wrapped
in Perl, and then wrapped into an .exe using Perl2Exe...

David LeBlanc wrote:

> Since he's running Windows 2000, if he doesn't have any Win9x clients, set
> RestrictAnonymous = 2, and you'll be surprised at how little it finds.
>
> At 07:30 AM 8/10/00 -0700, Chris Palazzolo wrote:
> >If you'd like to see what port 139 is giving them, I suggest you go to
> >http://www.securityfocus.com and download the tool called GNIT. Use the beta
> >version one as it works fine with NT/2000/9x.
> >
> >You'll be surprised at what you find.
> >
> >-Chris
> >
> >-----Original Message-----
> >From: Turner, Robert D. Jr [mailto:Robert.TurnerIBX.COM]
> >Sent: Thursday, August 10, 2000 5:39 AM
> >To: win2ksecadviceLISTSERV.NTSECURITY.NET
> >Subject: W2K Pro ICS/NAT
> >
> >
> >Below is output of an NMAP scan of my W2K Pro box that is only running ICS
> >(NAT). The purpose of this box is to route between my internal private
> >network at home and our corporate network. We have a DSL connection direct
> >to work. Work is essentially my ISP. I've Xd out the IP address and server
> >name. I'm not sure how to evaluate this. Can anyone comment on these open
> >ports, such as how a black hat hacker could take advantage of them?
> >
> >BobT
> >--------------
> >
> >Starting nmapNT V. 2.53 by ryaneEye.com
> >eEye Digital Security ( http://www.eEye.com )
> >based on nmap by fyodorinsecure.org ( www.insecure.org/nmap/ )
> >
> >No tcp,udp, or ICMP scantype specified, assuming vanilla tcp connect() scan. Use
> > -sP if you really don't want to portscan (and just want to see what hosts are up).
> >
> >Host xyz (xxx.xx.xxx.xx) appears to be up ... good.
> >Initiating TCP connect() scan against xyz (xxx.xx.xxx.xx)
> >
> >Adding TCP port 1002 (state open).
> >Adding TCP port 389 (state open).
> >Adding TCP port 135 (state open).
> >Adding TCP port 139 (state open).
> >Adding TCP port 1058 (state open).
> >
> >The TCP connect scan took 1521 seconds to scan 1523 ports.
> >Interesting ports on xyz (xxx.xx.xxx.xx):
> >(The 1518 ports scanned but not shown below are in state: closed)
> >
> >Port State Service
> >135/tcp open unknown
> >139/tcp open unknown
> >389/tcp open unknown
> >1002/tcp open unknown
> >1058/tcp open nim
> >
> >Nmap run completed -- 1 IP address (1 host up) scanned in 1522 seconds
> >
> >_____________________________________________________________________
> >** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
> >** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
> >SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
> >
> David LeBlanc
> dleblancmindspring.com

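An added example, not part of the original thread: a small Python triage of the mail-quoted nmapNT port table above, marking which open ports carry the NetBIOS/SMB sessions that nbtstat and net use rely on, so the RestrictAnonymous advice can be tied to a specific finding. The sample input is the table as quoted in the thread; the service names are the standard assignments for those ports, and port 445 (not seen in the scan) is included as an assumption because Windows 2000 also serves SMB there.

```python
import re

# Sample input: the scan table from the thread, e-mail quote marks intact.
QUOTED_SCAN = """\
> >Port State Service
> >135/tcp open unknown
> >139/tcp open unknown
> >389/tcp open unknown
> >1002/tcp open unknown
> >1058/tcp open nim
"""

# Standard service assignments; ports not listed are reported as
# unidentified rather than guessed at.
WINDOWS_SERVICES = {
    135: "MS-RPC endpoint mapper",
    139: "NetBIOS session service (SMB)",
    389: "LDAP",
    445: "SMB over TCP (assumed relevant; not in the thread's scan)",
}
# Ports that anonymous (null-session) enumeration depends on.
NULL_SESSION_PORTS = {139, 445}

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)$")

def strip_quotes(line):
    """Remove any depth of '>' reply markers from a mail-quoted line."""
    return re.sub(r"^(?:>\s?)+", "", line).strip()

def open_ports(text):
    """Return sorted (port, proto, nmap_service) tuples for ports in state open."""
    found = set()
    for raw in text.splitlines():
        m = PORT_LINE.match(strip_quotes(raw))
        if m and m.group(3) == "open" and 0 < int(m.group(1)) < 65536:
            found.add((int(m.group(1)), m.group(2), m.group(4)))
    return sorted(found)

def review(text):
    """Map each open port to (port, proto, service, note) for a defender."""
    report = []
    for port, proto, _svc in open_ports(text):
        name = WINDOWS_SERVICES.get(port, "unidentified, check the owning process")
        note = "null-session exposure: review RestrictAnonymous" if port in NULL_SESSION_PORTS else ""
        report.append((port, proto, name, note))
    return report

if __name__ == "__main__":
    for row in review(QUOTED_SCAN):
        print("%5d/%s  %-42s %s" % row)
```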