TASSY P2P FORUMS

It has been a topic of discussion lately and has lead me to do a short scan of the NS IP range. Mainly for the benefit of NSTASHUB users.

The reason i have posted in the private forums, is so only those in the private NS group can read this. We dont want everyone out there to know.

I'm surprise at the amount of people who arent running a secure firewall, I could scan a vast majority of IPs on the network, but what surprised me further, was the amount of open shares.

I wont go into detail explaining, as firstly i dont know very much about this subject. Though what you need to know is.
Windows shares any of your network shares out to the internet, and there is not a lot you can do to stop this, other than using a firewall to stealth yourself and block ports 137 & 139.

Otherwise everyone can have free access to your Network shares by simply opening a windows explorer and connecting to your machine via \\122.122.122.122 (122 = ip address of your machine).

I managed to get a list of shares and download some small files off a couple of the Hub users.

Info on firewalls and such can be found on www.grc.com which also allows you to test your current openness to the net.

Some of you network gurus may be able to give more info on this subject.

Some generalisations follow, but that can't be helped....

The issue occurs when people have NetBIOS bound to the network connection that links them directly to the internet. In most cases, people exposed will have USB ADSL modems, as people connecting through routers will generally be safe.

If you look at the network properties of the connection that links you directly to the Internet, you should see something like this:

The NetBIOS component is the item labelled "File and Printer Sharing for Microsoft Networks". In the above example, if this connection linked me directly to the Internet, I would be exposed.
While the above is a normal network connection, the same applies for dialup and ADSL connections (which are essentially dialups).

The bad news is that Windows will automatically enable NetBIOS for dialup connections when they are created. This may have changed, but certainly seems to be true in most cases.

The point of this is that if you have "File and Printer Sharing" on for the connection that links you directly to the Internet, you are exposed and should turn it off now!

Also note that you do not have to be actually sharing a resource to be at risk. The fact that NetBIOS is on exposes you to a number of exploits.

As I said at the start, there are a number of generalisations here, and I haven't talked about firewalls, routers, port forwarding, internal LAN sharing, and a lot of other things. If people think it worth while, I might do this.

P.S.

I might do a quick scan tonight and identify anyone at risk and try to let them know.

P.P.S.
How come I can't edit my own posts in this forum?

If you using LAN to get your net like i am, you cant control it seperately, so its best to block those ports like i have, as you still need NB to allow your network to share.

Though if you using PPPoE or a normal Dialup, you can turn off File and Print shares on your dialup connection. Which is disabled by default in 2k upwards as far as i can remember.

Ive already notified a few people.

Well i have mine disabled for my to>net connection, but for my network connection i have it enabled as it helps filesharing/net access to pc's in my network @home.

I read the guide from http://www.ozcableguy.com/index.html on proper PPPoE setup for your dsl modem for network, and havent had any hassles so far, runnin Norton 2k3 (cbf updating to 2k4 heard bad things about it).

should spam the ozcableguy site around or put it in the welcome msg on proper network/net setup for people to read on setting up there home dsl connections.

If anyone is unsure, then let me know in the hub, ill do a quick scan of your ip and tell you whats open.

Problem is

Its not only netbios shares open.
Routers are incorrectly figured so they can be seen from the net or even accessed and changed. What else is a problem is ftp servers as well. IF you want to run some sort of service make sure you read up on patches and latest updates as it narrows down problems in the future. Same with routers make sure you dont use a default password at all for admin or user. Even better if you can disable wan access to it.

But if you wanna make sure do as anach said either check with him or someone else and we can see any problems with a quick check up or refer you to somewhere else.

Pits