Mailing List Archive

Vulnerability found on port 139
hello,
I ran the Nessus tool on a Microsoft proxy server & I got a result stating that the port 139/TCP is open. A vulnerability was detected at port NETBIOS-ssn. The solution suggested by the tool was to filter ports 137 to 139.
But in my case I'm not in a position to follow that.
Is there any alternative to this, so that I can close the hole without disturbing any of the settings?
The proxy server I've mentioned above is frequently accessed by a large number of hosts in the network.
thanks
vinod
Re: Vulnerability found on port 139
Hi
I have the same problem, but instead of closing the ports, you might
take extra care in securing your machine with the latest patches and/or
restrict anonymous access to the machine by saving these lines in a .reg
file and running it (WinNT4.0):


To set the system to “Do not allow enumeration of SAM accounts and names”
---------------------------copy below line-------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
---------------------------copy above line-------------------------------



In Windows 2000 there's a bit more to choose from:


To set the system to “Do not allow enumeration of SAM accounts and names”
---------------------------copy below line-------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
---------------------------copy above line-------------------------------


To set the system to “No access without explicit anonymous permissions”
---------------------------copy below line-------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000002
---------------------------copy above line-------------------------------



I haven't tried this yet; it might break something. If it does, just set
the above values to zero instead of one or two.

Good luck!

Regards.

/Omas Jakobsson




> Vinod K K wrote:
>
> hello,
> I ran the Nessus tool on a Microsoft proxy server & I got a result
> stating that the port 139/TCP is open. A vulnerability was detected at
> port NETBIOS-ssn. The solution suggested by the tool was to filter
> ports 137 to 139.
> But in my case I'm not in a position to follow that.
> Is there any alternative to this, so that I can close the hole
> without disturbing any of the settings?
> The proxy server I've mentioned above is frequently accessed by a large
> number of hosts in the network.
> thanks
> vinod
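
A small check for the setting discussed in this thread, added here as an example and not part of either post: it reads the text of a .reg file (either header format shown above) and reports the RestrictAnonymous value found under the Lsa key. The function names and the sample input are constructed for illustration.

```python
import re

# Meanings as given in the reply above; 0 is the value it says to revert to.
MEANINGS = {
    0: "no restriction on anonymous access",
    1: "Do not allow enumeration of SAM accounts and names",
    2: "No access without explicit anonymous permissions",
}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")


def restrict_anonymous(reg_text):
    """Return the RestrictAnonymous dword from .reg text, or None if absent."""
    lines = [ln.strip() for ln in reg_text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a REGEDIT4 / Version 5.00 file")
    key, found = None, None
    for ln in lines[1:]:
        section = re.fullmatch(r"\[(.+)\]", ln)
        if section:
            key = section.group(1).lower()
            continue
        # Value names are case-insensitive; both spellings occur in the thread.
        m = re.fullmatch(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})', ln)
        if m and key == LSA_KEY and m.group(1).lower() == "restrictanonymous":
            found = int(m.group(2), 16)  # keep the last assignment seen
    return found


def describe(reg_text):
    """One-line report suitable for an audit log."""
    value = restrict_anonymous(reg_text)
    if value is None:
        return "RestrictAnonymous not set in this file"
    return f"RestrictAnonymous={value}: {MEANINGS.get(value, 'unrecognised value')}"


# Constructed sample: the Windows 2000 file from the reply, value 2.
SAMPLE = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]
"restrictanonymous"=dword:00000002
"""

if __name__ == "__main__":
    print(describe(SAMPLE))
```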