Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs: 
| reply to dave
Re: Windows File Sharing: Facing The Mystery
said by dave  :A good summary. I have a couple of technical nits to pick, thoguh. NetBIOS using these ports was benign enough initially because they were bound to a protocol called Netbeui. A little confusion here. You listed some TCP and UDP ports. Netbeui does not use TCP or UDP ports. When MS Networking (SMB) is using Netbeui, no TCP or UDP ports are involved. Heh, that's not a "little confusion", that's gross error.  Thanks for catching that; it was late.
Netbeui is in fact "portless", just like AH, ESP, and most other protocols aside from 06 and 17.
said by dave :Also, I wouldn't describe port 135 as being used by Windows File Sharing at all. It's the RPC endpoint mapper, which does not use Windows File Sharing protocols. RPC is not SMB. Very true, and I covered port 135's role when I described each port. Perhaps I should make the distinction a bit clearer, however.
said by dave :As far as I am aware, RPC endpoint mapping does not use port 445. I think it does, actually. Take for example this advisory by CERT where they advocate the following:
said by CERT:Using a network or host-based firewall, block RPC network traffic (ports 135/tcp, 139/tcp, 445/tcp, 593/tcp and 135/udp, 137/udp, 138/udp, 445/udp). » www.kb.cert.org/vuls/id/547820 Thanks so much for your comments, Dave, and everyone else's too. This forum just rocks because of the ability for people to bring content here and get it looked at without the negativity associated with many other venues.
--
dmiessler.com - grep understanding knowledge |
