Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: No NetBios share + No Open Port = Safe Win98?

from [Frynge Customer Support] Network Security [Permanent Link]
Subject: Re: No NetBios share + No Open Port = Safe Win98?
Date: Mon, 25 Sep 2006 10:11:13 -0600 
I dont know if anyone has replied to this yet, but here is some advice.

The port 139 exploit was usually used for file and printer sharing hacks. Having that port open will allow someone to see your computer online with programs that will check for file and printer sharing vulnerabilities and also, possibly use your computer for DDOS attacks or flood your computer via that port.

I would make sure file and printer sharing is not on (you may not have set it on, but sometimes its on by default and with no password)

YOU SAID "I used winipcfg.exe to obtain my IP address (192.168.1.101) "

It tells me you are on an internal network and that is not your real ip address but an internal address. You will have another ip that is your real ip address, you can find this by googling it and looking for online ip finders.

For DDOS and flood attacks make sure you have a nice firewall set up and you should be fine.

Win98 closed that port in later additions and service packs, so you may want to update your windows at windows update if you can.

Kelly Sigethy
Frynge.com

----- Original Message ----- From: <gohyongkwang@hotmail.com>
To: <security-basics@securityfocus.com>
Sent: Friday, September 22, 2006 9:01 PM
Subject: No NetBios share + No Open Port = Safe Win98?


Hi,

I'm using an old computer at home for casual personal communication (checking Web based emails and MSN instant messaging) and Web surfing and it is still running on Windows 98 SE due to its limited RAM and CPU power. No plan to upgrade and the computer is still good enough for the simple job.

Nevertheless, since I connect my computer to the Internet via a ADSL router/modem, I did some preliminary check on my computer to see how secure I am.

I used winipcfg.exe to obtain my IP address (192.168.1.101) and did a netstat -a on it to find out what ports are open and/or listening. It reports only port 139 as listening, which after googling around a bit says it's a NetBios session port. Dunnoe what this means though, but I've _not_ enabled "File and Printer Sharing."

Now assuming I'm a cautious Web surfer who uses Firefox and only visit reputable sites like MSN, Yahoo! and Google, and avoid visiting hacking sites and running hacking tools, and that my computer is currently not infected by malware, virus or rootkit (i.e. computer is clean and updated), is there any way that a hacker can still connect to my computer over the Internet, browse my hard disk and steal my files?

Theoretically, I've not enabled port forwarding in my router/modem, and so external computer trying to ping or connect to my computer should not succeed, and if there's no port listening at all (except for port 139), no other computer should be able to infilitrate right?

Yet, I can't say anything is foolproof. So just like to seek your expert opinion. What are the other areas I should continue to look at to further protect my system? Is it still possible to be attacked through a listening port 139 with file sharing disabled?

Thanks in advance.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Looking for the softwares to monitor our file server, Goran Pizent
Next by Date:  SMTP Traffic Replay, John Madden
Previous by Thread:  Re: No NetBios share + No Open Port = Safe Win98?, dave
Next by Thread:  Re[2]: No NetBios share + No Open Port = Safe Win98?, gmx
Indexes:  [Date] [Thread] [Top] [All Lists]