August 31st, 2002, 10:50 AM
W2k/XP, security features?
I have W2k prof. and my friend has an unpatched, non-modified XP Home Version. He put on the ICF and he ended up stealth in all ports (coming from symantec, grc, and dslreports)<he also doesnt have an anti virus. For me, I modified everything I could think of and yet I have 445 and another port open. I don't get it
August 31st, 2002, 02:58 PM
Not too sure about this, but..
WinXP Home Edition is solely a stand-alone system, by which I mean it cannot be integrated into a network ( only to workgroups, I think. ) So as opposed to Win2k Professional, I guess it runs a lot less 'services' as an OS, whilst Win2k runs more, since its primarily designed for the Client-Server thing. More services means more vulnerability, and XP's scarcity of running services ( in the HOME edition ) might be the reason. Could this be the reason? Please correct me if I'm wrong.
I blame you cos my mind is not my own, so don't blame me if I trespass in your zone!
August 31st, 2002, 05:28 PM
Azn_Acid02 this is indeed possible. If this Win2k Pro is just your desktop, install a personal firewall like Sygate or Agnitum to make your ports stealth. Port 445 is open by default on a fresh XP install . Also on Win2K boxes port 445 is open by default. It's the port used for file sharing.
MS says that it's not the 445 port but weak user passwords that cause the problem. Therefor I advise everyone who needs file sharing and port 445 enabled to use realy secure passwords. The port is opened by ntoskrnl.exe
Except for the possibilty that someone's cracks your password, port 445 can also be used to flood your box with SYN Flag, resulting in a denail of service due to 100% cpu usage.
Even the microsoft network was compromised due to this flaw:
In August, a hacker told Newsbytes he was able to penetrate hundreds of machines on Microsoft's corporate network because they had improperly secured port 445, which is used by Windows 2000 for network file sharing.
At the time, Microsoft would not confirm or deny the intrusion. But Scott Culp, head of the company's security response team, acknowledged that Windows 2000 ships with port 445 open by default and does not require administrators to set a password.
In an attempt to harden security in Windows XP, the new operating system will disable file sharing if an administrator does not password protect port 445
August 31st, 2002, 09:08 PM
I've said this many times before in AO forums (try a search..) tcp 445 on w2K/winXP is for SMB over TCP, in other words, file sharing without NetBIOS (NetBIOS over TCP is port 137-139)...
Things you can do (from most secure to less):
-Disable file & printer sharing.
-Unbind file sharing from the external adapter (through the advanced menu in network & dialup settings)
-Set restrict anonymous to "No access without explicit permissions" (will prevent enumeration of shares, accounts & etc...
-Set strong passwords so breaking in an enumerated account/share will be very long
Credit travels up, blame travels down -- The Boss
August 31st, 2002, 09:33 PM
My dad has an XP home edition and I put on the ICF also and scanned at GRC and his ports didnt show up stealth at all. Im not part of a network and neither is my friends or dads. DSL reports on my machine said that all the ports were filtered.
September 1st, 2002, 01:37 PM
Right I'm pretty sure someone posted this link a while ago (don't remember who) but it seems kinda relevant. This is basically a quick guide to turning off unnecessary services in XP/2000, to improve performance and security.
September 2nd, 2002, 03:04 AM
September 7th, 2002, 06:55 PM
Here is another thread posted recently. It may help as well. Also, make sure to do a search before you post. It's hard to get used to at first, but we all benefit in the end because there are less unnecessary posts. Take care.