Re: Avoid sending current credentials automatically over the network

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Tue Feb 13 2007 - 20:54:43 EST


That's what I was going to say as well-- use local fw to block outbound
NetBIOS/CIFS to everything except a particular scope... That and only use
NTLMv2 (and Kerberos).
t

On 2/13/07 10:40 AM, "Shenk, Jerry A" <jshenk@decommunications.com> spoketh
to all:

> I would recommend blocking those ports (135, 137, 139 and 445) at the
> edge router so that at least they aren't sent over the internet. For
> some machines, perhaps you want a host firewall to block them from
> leaving the box at all.
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of Umil
> Sent: Tuesday, February 13, 2007 10:21 AM
> To: pen-test@securityfocus.com
> Subject: Avoid sending current credentials automatically over the network
>
> Hi all
>
>
> When mapping a network share without any credentials parameter, or when
> clicking on a link for an internal app, Windows and IE automatically send
> the current user's credentials. Apparently for IE you can configure it
> to send anonymous creds (guest account) and then ask for creds.
> However, over the network there is no option to avoid sending the current
> user's creds automatically. I tried SMB signing but it didn't work.
> Does anyone know a solution for it?
> Thanks
> Uno
>

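The two measures in Thor's reply (a host firewall that blocks outbound NetBIOS/CIFS to everything except an approved scope, and NTLMv2 only) as one worked Windows configuration. This is an added example, not code from anyone in the thread; the 10.0.5.0 range is a constructed placeholder, and it assumes a Windows 8 / Server 2012 or later host with the NetSecurity module, run from an elevated shell.

```powershell
# Added example (not from the thread). (1) Block outbound NetBIOS/CIFS to every
# destination except an approved file-server scope; (2) force NTLMv2 only.
# Kerberos is unaffected. Needs the NetSecurity module (Win8/2012+) and admin rights.
# Constructed placeholder scope; replace with the real file-server range.
$ScopeStart = '10.0.5.0'
$ScopeEnd   = '10.0.5.255'

function ConvertTo-UInt32 ([string]$Ip) {
    $b = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($b)                     # network order -> host order
    [BitConverter]::ToUInt32($b, 0)
}
function ConvertFrom-UInt32 ([uint32]$N) {
    $b = [BitConverter]::GetBytes($N)
    [Array]::Reverse($b)                     # host order -> network order
    ([System.Net.IPAddress]::new([byte[]]$b)).ToString()
}

# Windows Firewall has no "except" operator and Block rules beat Allow rules, so the
# block rule must list the complement of the scope: [0.0.0.0, start-1] and
# [end+1, 255.255.255.255]. Traffic to the scope itself is then simply not blocked.
$s = ConvertTo-UInt32 $ScopeStart
$e = ConvertTo-UInt32 $ScopeEnd
$Complement = @()
if ($s -gt 0)                  { $Complement += "0.0.0.0-$(ConvertFrom-UInt32 ($s - 1))" }
if ($e -lt [uint32]::MaxValue) { $Complement += "$(ConvertFrom-UInt32 ($e + 1))-255.255.255.255" }

$Ports = @(
    @{ Proto = 'TCP'; Port = 135 },  # RPC endpoint mapper
    @{ Proto = 'UDP'; Port = 137 },  # NetBIOS name service
    @{ Proto = 'UDP'; Port = 138 },  # NetBIOS datagram service
    @{ Proto = 'TCP'; Port = 139 },  # NetBIOS session service (SMB over NetBIOS)
    @{ Proto = 'TCP'; Port = 445 }   # SMB directly over TCP
)
foreach ($p in $Ports) {
    New-NetFirewallRule -DisplayName "Block outbound $($p.Proto)/$($p.Port) outside file-server scope" `
        -Direction Outbound -Action Block -Protocol $p.Proto -RemotePort $p.Port `
        -RemoteAddress $Complement -Profile Any | Out-Null
}

# LmCompatibilityLevel 5: the client sends NTLMv2 responses only and never LM or
# NTLMv1, so even a connection that does leave the box carries no weak response.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name 'LmCompatibilityLevel' -Value 5 -Type DWord
```

The registry change takes effect after a reboot; the firewall rules apply immediately and can be reviewed with `Get-NetFirewallRule -DisplayName 'Block outbound*'`.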
------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:34 EDT