"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
You already found out how they hit you, through a NetBIOS null session. Theres really no reason to even have to know how to perform an attack like this to 'further your knowledge,' because even if you do know how they do the attack you still are just going to disable NetBIOS since its the easiest and best solution to the problem.
Another reason therefore would be I have the ability to block programs being run on my server by name. provided the user can just rename it msword.exe, it at least logs it in my log files.
netbios threw webpages...admin my ass, NB doesn't run on port 80.
did you actually make this up or did you read it somewhere. maybe retina scanner is showing netbios being vulnerable but it dosnt tell you how a server has been hacked in the past so what do you think your trying to tell us... but if i wanted a list of users from a database id use sql injection...what kind of half ass would run a webserver without a firewall which would block NB connection from the internet even in its default configuration.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
Reply With Quote