NetBIOS Open shares

Anach
Modder Moderator
Posts:3211
Joined:Sun Feb 23, 2003 2:11 pm
Location:Hobart

Post by Anach » Tue Dec 30, 2003 10:37 pm

It has been a topic of discussion lately and has led me to do a short scan of the NS IP range. Mainly for the benefit of NSTASHUB users.

The reason I have posted in the private forums is so only those in the private NS group can read this. We don't want everyone out there to know.

I'm surprised at the amount of people who aren't running a secure firewall. I could scan a vast majority of IPs on the network, but what surprised me further was the amount of open shares.

I won't go into detail explaining, as firstly I don't know very much about this subject. Though what you need to know is:
Windows shares any of your network shares out to the internet, and there is not a lot you can do to stop this, other than using a firewall to stealth yourself and block ports 137 & 139.

Otherwise everyone can have free access to your network shares by simply opening a Windows Explorer and connecting to your machine via \\122.122.122.122 (122 = IP address of your machine).

I managed to get a list of shares and download some small files off a couple of the Hub users.

Info on firewalls and such can be found on www.grc.com which also allows you to test your current openness to the net.

Some of you network gurus may be able to give more info on this subject.
Last edited by Anach on Thu Apr 19, 2007 6:27 am, edited 1 time in total.
Use of undefined constants causes assumptions!

johnd
Bilingual Blubberer
Posts:140
Joined:Sun Feb 23, 2003 11:27 pm
Location:Lenah Valley

Post by johnd » Fri Jan 30, 2004 12:50 pm

Some generalisations follow, but that can't be helped....

The issue occurs when people have NetBIOS bound to the network connection that links them directly to the internet. In most cases, people exposed will have USB ADSL modems, as people connecting through routers will generally be safe.

If you look at the network properties of the connection that links you directly to the Internet, you should see something like this:
[Image]
The NetBIOS component is the item labelled "File and Printer Sharing for Microsoft Networks". In the above example, if this connection linked me directly to the Internet, I would be exposed.
While the above is a normal network connection, the same applies for dialup and ADSL connections (which are essentially dialups).

The bad news is that Windows will automatically enable NetBIOS for dialup connections when they are created. This may have changed, but certainly seems to be true in most cases.

The point of this is that if you have "File and Printer Sharing" on for the connection that links you directly to the Internet, you are exposed and should turn it off now!

Also note that you do not have to be actually sharing a resource to be at risk. The fact that NetBIOS is on exposes you to a number of exploits.

As I said at the start, there are a number of generalisations here, and I haven't talked about firewalls, routers, port forwarding, internal LAN sharing, and a lot of other things. If people think it worth while, I might do this.
Toddlers are the stormtroopers of the Lord of Entropy.
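
johnd's post above turns on which connection the sharing ports are bound to. As an added example (not written by anyone in this thread), this Python script checks a machine's own `netstat -an` output for NetBIOS/SMB listeners on a non-private address. The sample output, interface list and function names are constructed for illustration, and ports 138 and 445 go beyond the two ports the thread names.

```python
import ipaddress

# 137 and 139 are the ports named in the thread; 138 (NetBIOS datagram) and
# 445 (SMB without NetBIOS) are added by this example.
SHARE_PORTS = {137: "NetBIOS name", 138: "NetBIOS datagram",
               139: "NetBIOS session", 445: "SMB direct"}
# Addresses that are not reachable from the Internet (RFC 1918, loopback, link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed Windows `netstat -an` output and interface list (documentation
# addresses, not real hosts): one LAN card plus a directly connected ADSL link.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.45:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.45:1042      198.51.100.7:80        ESTABLISHED
  UDP    192.168.0.10:137       *:*
  UDP    203.0.113.45:137       *:*
  UDP    203.0.113.45:138       *:*
"""
SAMPLE_INTERFACES = ["192.168.0.10", "203.0.113.45"]

def is_internet_facing(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in LAN_NETS)

def exposed_listeners(netstat_text, interface_addrs):
    """Share-port listeners reachable on a public address, as sorted tuples."""
    public = [a for a in interface_addrs if is_internet_facing(a)]
    findings = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and parts[-1] != "LISTENING":
            continue  # established/outbound sockets do not accept connections
        host, _, port = parts[1].rpartition(":")
        if not port.isdigit() or int(port) not in SHARE_PORTS or ":" in host:
            continue  # other ports; IPv6 binds are out of scope here
        # 0.0.0.0 is a wildcard bind: the port is open on every interface.
        for addr in (public if host == "0.0.0.0" else [host]):
            if is_internet_facing(addr):
                findings.add((parts[0], addr, int(port), SHARE_PORTS[int(port)]))
    return sorted(findings)
```

An empty result for a machine behind a router with only private addresses matches the "generally safe" case in the post; any tuple returned is a share port that the firewall or the connection's bindings still need to close.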

johnd
Bilingual Blubberer
Posts:140
Joined:Sun Feb 23, 2003 11:27 pm
Location:Lenah Valley

Post by johnd » Fri Jan 30, 2004 12:53 pm

P.S.

I might do a quick scan tonight and identify anyone at risk and try to let them know.

P.P.S.
How come I can't edit my own posts in this forum?
Toddlers are the stormtroopers of the Lord of Entropy.

Anach
Modder Moderator
Posts:3211
Joined:Sun Feb 23, 2003 2:11 pm
Location:Hobart

Post by Anach » Fri Jan 30, 2004 11:46 pm

If you're using LAN to get your net like I am, you can't control it separately, so it's best to block those ports like I have, as you still need NB to allow your network to share.

Though if you're using PPPoE or a normal dialup, you can turn off File and Print shares on your dialup connection, which is disabled by default in 2k upwards as far as I can remember.

I've already notified a few people.
Use of undefined constants causes assumptions!

fuhjinar
n00b
Posts:42
Joined:Tue May 27, 2003 2:43 pm
Location:Glenorchy, Tas

Post by fuhjinar » Wed Feb 04, 2004 1:26 pm

Well I have mine disabled for my to>net connection, but for my network connection I have it enabled as it helps filesharing/net access to PCs in my network @home.

I read the guide from http://www.ozcableguy.com/index.html on proper PPPoE setup for your DSL modem for network, and haven't had any hassles so far, runnin Norton 2k3 (cbf updating to 2k4, heard bad things about it).

Should spam the ozcableguy site around or put it in the welcome msg on proper network/net setup for people to read on setting up their home DSL connections.

Anach
Modder Moderator
Posts:3211
Joined:Sun Feb 23, 2003 2:11 pm
Location:Hobart

Post by Anach » Wed Feb 04, 2004 6:33 pm

If anyone is unsure, then let me know in the hub. I'll do a quick scan of your IP and tell you what's open.
Use of undefined constants causes assumptions!

Pits
Nonsensical Pepperpot
Posts:87
Joined:Sun Feb 23, 2003 4:08 pm
Location:Geilston Bay

Hey

Post by Pits » Thu Feb 05, 2004 2:43 pm

Problem is

It's not only NetBIOS shares open.
Routers are incorrectly configured so they can be seen from the net or even accessed and changed. What else is a problem is FTP servers as well. If you want to run some sort of service, make sure you read up on patches and latest updates as it narrows down problems in the future. Same with routers: make sure you don't use a default password at all for admin or user. Even better if you can disable WAN access to it.

But if you wanna make sure, do as Anach said: either check with him or someone else and we can see any problems with a quick check up or refer you to somewhere else.

Pits
"We have nothing to fear but fear itself"
Abraham Lincoln.

"Well actually I ain't afraid of fear.. I'm just afraid if the stains will come out or not."
Pits 2006
NS user
512/128
Heavy Tas DC Hub and proud of it
Over 100 gigs of stuff

Good ratios on both boxes
