Network Applications and Network Applications Lab
Chapter Three Notes
Other Chapter Notes:
is well-known for giving away free information.
to Common Internet File System/Server Message Block (CIFS/SMB)
Windows NT/2000 Hacking Kit
has provided an administration CD for windows (Windows NT Resource
also provides many tools for hackers to use as well.
information on TCP port 139
will try to get a sense of what is on the wire, a.k.a.
“enumerating the NetBIOS wire”
tools and techniques for peering along NetBIOS wire are readily
available and most are built into the OS.
NT/2000 with net view
view is a built in tool
list domains available on the network
will give us users on a particular domain
hackers will use a NetBIOS scanner to check entire sites rather than
use these tools manually.
denying access to TCP and UDP ports 135 to 139 the previous
activities mentioned will not work, they will be blocked.
way to do this is to use a router, firewall, or other network
if you have tightly secured access to NetBIOS services, your system
may still cough up similar information if they are running the SNMP
object identifier (OID) specifies a specific branch of the Microsoft
enterprise Management namespace, so walking “up” the tree will
dump larger and larger amounts of information.
SNMP Enumeration Countermeasures
way to prevent this type of activity is to remove the SNMP agent or
turn it off.
sure to block access to TCP and UDP ports 161 (SNMP GET/SET) at all
perimeter network access devices
internal SNMP info to leak onto public networks is definite no-no.
go to the RFC website for
the latest in SNMP RFCs. (http://www.rfc-editor.org)
2000 Zone Transfers
simple zone transfer can enumerate a lot of interesting network
see RFC 2052.
Win 2000 zone transfers
should disallow zone transfers entirely by simply unchecking the
allow zone transfers.
Host Enumeration Countermeasures
to block access to TCP and UDP ports 135 though 139 and 445
that you’ll need to disable SMB services or set RestrictAnonymous
to secure them.
[Home] [Procedures] [Reading
Notes] [Back to Top]
Questions or Comments? Click here
to email me.