Mailing List Archive: Nessus: users

vulverability found on port 139

Index | Next | Previous | View Threaded

vinod_k at mumbai

Aug 17, 2001, 2:23 AM

Post #1 of 2 (596 views)
Permalink

vulverability found on port 139

hello,
i ran the nessus tool on a microsoft proxy server & i got a result stating that the port 139/TCP is open.a vulnerability was detected at port NETBIOS-ssn.the solution suggested by the tool was to filter the port 137 to 139.
but in my case i'm not in a position to follow that.
is there any alternative to this? so that i can close the hole without disturbing any of the settings.
the proxy server i've mentioned above is frequent access by a large number of hosts in the network.
thanks
vinod

omas.jakobsson at corren

Aug 17, 2001, 3:30 AM

Post #2 of 2 (552 views)
Permalink

Re: vulverability found on port 139 [In reply to]

Hi
I have the same problem, but instead of closing the ports, you might
take extra care in securing your machine with the latest patches/and/or
restrivt anonymous access to the machine by saving these lines in a .reg
file and run it (WinNT4.0):

To set the system to “Do not allow enumeration of SAM accounts and
names”
---------------------------copy below
line-------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
---------------------------copy above
line-------------------------------

In windows 200 it´s a bit more to choose from:

To set the system to “Do not allow enumeration of SAM accounts and
names”
---------------------------copy below
line-------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
---------------------------copy above
line-------------------------------

To set the system to “No access without explicit anonymous permissions”
---------------------------copy below
line-------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000002
---------------------------copy above
line-------------------------------

I haven´t tried this yet, it might brake something, if it does, just set
the above values to zero instead of one or two.

Good luck!

Regards.

/Omas Jakobsson

> Vinod K K skrev:
>
> hello,
> i ran the nessus tool on a microsoft proxy server & i got a result
> stating that the port 139/TCP is open.a vulnerability was detected at
> port NETBIOS-ssn.the solution suggested by the tool was to filter the
> port 137 to 139.
> but in my case i'm not in a position to follow that.
> is there any alternative to this? so that i can close the hole
> without disturbing any of the settings.
> the proxy server i've mentioned above is frequent access by a large
> number of hosts in the network.
> thanks
> vinod

Attachments:

omas.jakobsson.vcf (0.49 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads