D&C GLug - Home Page


Re: [LUG] Password checking

 

On Wed, Dec 28, 2005 at 07:14:42PM +0000, Simon Waters wrote:
<snip>
> Like Neil, I've no idea how to relate this to the "l0phtcrack" article.
> If you are exposing NT authentication to the web then you probably have
> other issues, but it will show up as open ports 137-139 on the nmap
> scan. Without proper firewalling Windows can be very chatty, sending all
> sorts of inappropriate authentication details around, but almost every
> firewall in existence kills port 137 to 139 dead as a default. Pretty
> much you can assume if these ports are exposed, and it isn't deliberate,
> then there is work to be done.

The article just triggered a thought. I believe that the company is
about to move from WinXP to Debian as a matter of policy (one user
turned their firewall off, did something silly and we got hit by some
16,000 bits of email in under 24 hours. The webhost was very helpful but
turned off 90% of the users for 4 days until we confirmed that every
last virus was removed. A bit of a problem for a company that runs on
email). 

I will be looking through Neil's comments, and will then contact our IT
consultant to work out how to go forward. If I can point out to some
users the real risks they are running and where they can easily and
non-intrusively improve their security, the time will not be wasted.
> 
> There is also the issue that running nmap/nessus, may be against your
> ISP's T&C, and whilst it is unlikely your admins would turn you in, it
> does pay to let relevant people know in advance, as having to change
> ISP just because you tried to check your own security is a tad
> embarrassing and inconvenient. And a simple typo, or getting the subnet
> mask wrong, on an nmap command line, and you can be scanning goodness
> knows who.
> 
> Demon Internet were very understanding on this last point, and once
> issued me with "an explain what you are doing, or have service removed
> in 30 minutes" email, I phoned the abuse team, and explained it was
> authorised, and put them in contact with the relevant director, but
> that could easily have got out of hand.

Noted!