
Thread: Getting Hacked NOW

  1. #11
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
Yes, 135-139 is open for local Outlook traffic for customers (not my recommendation, but the company won't change that).

  2. #12
    Originally posted here by zENGER
    IPSec is a VPN standard, not really a firewall standard or a way to block ports.

    It sounds like you have some serious openings that shouldn't be open. Do you have 137-139 open to the internet?
    Not everyone gets to play in a whitepaper sandbox. IPSec is a very good tool when you have to be creative. Would I have rather used a different solution? Absolutely! But, it worked.



    What IPSec will do for you is, while you don't necessarily close the port 135-139, you limit the connections in and out of the box to specific IP ranges on those ports. Outside attacks can no longer exploit that particular AD vulnerability.

  3. #13
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
Anyone know of a way, using Windows 2003, to deny this guy from trying again?

  4. #14
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    If you have 135-139 open to the internet, then you're going to have some major issues.

    What I would suggest is to use a VPN solution for your remote customers instead of allowing that traffic straight into the network.

  5. #15
    Originally posted here by jbclarkman
    Anyone know of a way, using Windows 2003, to deny this guy from trying again?
    If you have your Win2k3 AD up, then use your Group Policy tool to set up an IPSec policy. First, the default should be deny all. Then open only those ports you need to specific IP ranges. Make sure you have a list of the apps (AV, SMTP and such) on your network that need ports open for specific traffic. You can tailor the IPSec policy to special case OUs for those situations where you have exceptions to the general rules.

    This won't be quick, and will require some planning and testing.

    Hope that helps.
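The "IPSec as a packet filter" approach that zENGER (#12) describes and the default-deny / open-to-specific-ranges policy laid out above (#15) can be built from the command line on Windows Server 2003 / XP with `netsh ipsec static`. The script below is an added example, not something posted in the thread and not Microsoft's own documentation: the policy and filter-list names, the customer range 203.0.113.0/24 and the known-bad address 198.51.100.7 are placeholders. It creates the local IPsec policy; in a domain you would build the same filter lists, filter actions and rules in the IP Security Policies node of a GPO, or export this one with `netsh ipsec static exportpolicy` and import it there.

```batch
@echo off
rem Added example (not from the original thread). Builds a local IPsec policy
rem on Windows Server 2003 / XP that blocks TCP/UDP 135-139 from everywhere
rem and then permits them only from one customer range. All names and
rem addresses below are placeholders.

set POLICY=Lockdown-NetBIOS
set CUSTNET=203.0.113.0
set CUSTMASK=255.255.255.0
set BADHOST=198.51.100.7

rem 1. Filter list: ports 135-139, TCP and UDP, from any address to every
rem    local address ("me"). mirrored=yes adds the reply-direction filter.
netsh ipsec static add filterlist name="NetBIOS-RPC-any"
for %%P in (135 136 137 138 139) do (
  netsh ipsec static add filter filterlist="NetBIOS-RPC-any" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=%%P mirrored=yes
  netsh ipsec static add filter filterlist="NetBIOS-RPC-any" srcaddr=any dstaddr=me protocol=udp srcport=0 dstport=%%P mirrored=yes
)

rem 2. Filter list: the same ports, but only from the customer range.
netsh ipsec static add filterlist name="NetBIOS-RPC-customers"
for %%P in (135 136 137 138 139) do (
  netsh ipsec static add filter filterlist="NetBIOS-RPC-customers" srcaddr=%CUSTNET% srcmask=%CUSTMASK% dstaddr=me protocol=tcp srcport=0 dstport=%%P mirrored=yes
  netsh ipsec static add filter filterlist="NetBIOS-RPC-customers" srcaddr=%CUSTNET% srcmask=%CUSTMASK% dstaddr=me protocol=udp srcport=0 dstport=%%P mirrored=yes
)

rem 3. Filter list: everything from one known-bad source host (answers
rem    "deny this guy from trying again"; the address is a placeholder).
netsh ipsec static add filterlist name="Known-bad-host"
netsh ipsec static add filter filterlist="Known-bad-host" srcaddr=%BADHOST% srcmask=255.255.255.255 dstaddr=me protocol=any mirrored=yes

rem 4. Filter actions: plain block and plain permit. Neither negotiates
rem    security, so the remote side needs no IKE, certificate or PSK setup.
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit

rem 5. Policy plus three rules. IPsec applies the most specific matching
rem    filter, so the customer-range permit overrides the any-address block,
rem    and the single-host block overrides both.
netsh ipsec static add policy name="%POLICY%" description="Block 135-139 except customers" assign=no
netsh ipsec static add rule name="Block NetBIOS from anywhere" policy="%POLICY%" filterlist="NetBIOS-RPC-any" filteraction="Block"
netsh ipsec static add rule name="Permit NetBIOS from customers" policy="%POLICY%" filterlist="NetBIOS-RPC-customers" filteraction="Permit"
netsh ipsec static add rule name="Drop known-bad host" policy="%POLICY%" filterlist="Known-bad-host" filteraction="Block"

rem 6. Assign it. Only one IPsec policy is active on a machine at a time,
rem    and a domain-assigned policy overrides the local one.
netsh ipsec static set policy name="%POLICY%" assign=y

rem 7. Review what was created.
netsh ipsec static show all
```

Test from a host outside the customer range (the SMB/RPC ports should now time out) and from one inside it before you leave the console, and keep the "Permit" rule in place for every range your AV, SMTP or management traffic actually uses, per the OU exceptions mentioned above. Two caveats: the policy is a static packet filter, so it does nothing about traffic that arrives from an address inside the permitted range; and the default exemptions differ between versions (Windows 2000/XP exempt Kerberos and RSVP from IPsec filtering by default, Windows Server 2003 exempts only IKE), so check the NoDefaultExempt setting if Kerberos from the outside still gets through.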

  6. #16
    wait until the hacker connects again and is inside the machine - then pull its net connection trapping him inside!!!



    Thanks bash...../coat

  7. #17
    Member
    Join Date
    Dec 2004
    Posts
    48
    Originally posted here by jbclarkman
    Yes, 135-139 is open for local Outlook traffic for customers (not my recommendation, but the company won't change that).
    Sorry for wagging my finger, and I'm not even sure what your job is at the company, but maybe you should explain to "the company" why having ports 135-139 open on the network is probably a bad idea. Even if you have to have them open, couldn't you at least filter traffic by IP ranges?
    Blankety Blank Blank Blank!

  8. #18
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    @valhallen - LMFAO! "Quick! Catch him with the ether-net!"

    @ miracle - If he's in an AD/Microsoft shop (which he has basically said), then dropping traffic on those ports inside the network is pretty much a deal breaker for most of the "usability". Not gonna happen.

    jbclarkman, I won't lecture, and as said we don't know your role/position at the company in question, but it's basically professional suicide to allow ANYTHING inside your network in the fashion you've described. You really need to utilize some sort of VPN or Web application service or solution to give your business partners the access they require, without opening yourself to the world.

    You *DO* have some solutions at your disposal, if you are a Microsoft shop. Hell, my understanding is the VPN services built into XP/2003 are pretty decent for small scale office use. Don't quote me, but it's cheaper than dropping $12,000 on a Nokia w/ Check Point FW-1 device, or a NetScreen, or something similar. Probably not the best solution, but better than what you've described so far.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  9. #19
    Member
    Join Date
    Dec 2004
    Posts
    48
    To Zencoder:

    I suppose I should have clarified that ports 135-139 should not be wide open to being accessed by the OUTSIDE network. Clearly, in a MS/AD network, those ports are necessary internally.

    Originally posted here by jbclarkman
    Just this one box on the inside has an external IP for customer connection purposes.

    The above quote is from the OP. I still don't understand what "customer connection purposes" means, but several others have already suggested tunneling the traffic, which I would also suggest. If that isn't an option, you could still set up IP ranges that are allowed to connect.



    To jbclarkman:

    Clearly you are in over your head on this one. Find someone that can help you clean up the mess before it gets any uglier.
    Blankety Blank Blank Blank!
