RE: Re[2]: No NetBios share + No Open Port = Safe Win98?

Hi,

Dropping connections at your firewall is good way to stop the attack but
isn't it like locking yourself inside a stone castle to keep safe remember
you cant get out either. And if someone wants to do this every other day to
your network I figure a lot of your internal users would be less than happy
locked inside you virtual stone castle.

Regards

Jag

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Gethinj
Sent: Thursday, September 28, 2006 9:57 PM
To: gmx; security-basics@securityfocus.com
Cc: Frynge Customer Support
Subject: Re: Re[2]: No NetBios share + No Open Port = Safe Win98?

Hi All,

OK, so a firewall won't stop a DDOS attack from flooding your internet pipe,
but it will stop the attack from actually getting to you internal network.
The firewall will also stop your internal machines broadcasting on port 139
adn 445, and if your firewall drops all external connections (including
ICMP) and you're not broadcasting everything to the internet there is less
(not much, but deffinately less) chance of your actually being attacked in
the first please - if you can see it, you can attack it.

To be honest lots of firewalls are able to withstand a DDOS attack, they
drop the connections, in my book that's withstanding an attack. If the
internet pipe fills up, it doesn't stop the firewall doing it's job :-) just
stops internet access, when the attack has finished your network still works
:-)

Best Regards

Gethin

-----Original message-----
From: gmx pal_adam@gmx.net
Date: Wed, 27 Sep 2006 21:00:39 +0100
To: security-basics@securityfocus.com
Subject: Re[2]: No NetBios share + No Open Port = Safe Win98?

> Hello Frynge,
>
> Monday, September 25, 2006, 6:11:13 PM, you wrote:
>
> <==============Original message text===============
> FCS> I dont know if anyone has replied to this yet, but here is some
advice.
> FCS> The port 139 exploit was usually used for file and printer sharing
hacks.
> FCS> Having that port open will allow someone to see your computer online
with
> FCS> programs that will check for file and printer sharing vulnerabilities
and
> FCS> also, possibly use your computer for DDOS attacks or flood your
computer via
> FCS> that port.
>
> FCS> I would make sure file and printer sharing is not on (you may not
have set
> FCS> it on, but sometimes its on by default and with no password)
>
> FCS> YOU SAID "I used winipcfg.exe to obtain my IP address (192.168.1.101)
"
> FCS> It tells me you are on an internal network and that is not your real
ip
> FCS> address but an internal address.  You will have another ip that is
your real
> FCS> ip address, you can find this by googling it and looking for online
ip
> FCS> finders.
>
> FCS> For DDOS and flood attacks make sure you have a nice firewall set up
and you
> FCS> should be fine.
>
>
> Erm what ? As far as i know, no private firewall is able to stand
> against a strong DDOS, and corporate firewalls are only able to
> mitigate it, not more.
> Having a nice firewall set up will not save no one from a serious
> ddos, maybe just from some attepts of unexperienced scriptkiddies...
>
> FCS> Win98 closed that port in later additions and service packs, so you
may want
> FCS> to update your windows at windows update if you can.
>
> FCS> Kelly Sigethy
> FCS> Frynge.com
>
> FCS> ----- Original Message ----- 
> FCS> From: <gohyongkwang@hotmail.com>
> FCS> To: <security-basics@securityfocus.com>
> FCS> Sent: Friday, September 22, 2006 9:01 PM
> FCS> Subject: No NetBios share + No Open Port = Safe Win98?
---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence 
> in Information Security. Our program offers unparalleled Infosec
management 
> education and the case study affords you unmatched consulting experience. 
> Using interactive e-Learning technology, you can earn this esteemed
degree, 
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
>


Best Regards

Gethin


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------