• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Network sharing

D

dowxp

Diamond Member
hmmm. this is hard to explain. winxp for starters.. oK:

1) i want to create individual accounts for people who want to log in so i can track them. why? i used to give out a general guest account password until people start giving them away and weird people start raping my comp at full speed. i hate that. i work hard for my stuff =) the problem is i noticed on win2k and 98 machines, if guest account is still on, it wont let them enter a username, it just asks them for a password.

2) i still want guest on, so i can let them read some stupid readme file saying to contact me first

3) basically, im not sure if my memory is correct where if guest account is on, it wont let them enter a username..

am i making sense at all?
 
NetBIOS across a public network is an absolute security nightmare. Leaving shares openly exposed to the Internet, regardless of if you've password-protected them or not, is absolutely asking for trouble. There exist brute force password checking tools that send the SMB protocol to its knees with dozens of password guesses per second, and to my knowledge [this may have changed in XP] none of that is logged/audited. anywhere. Perhaps configurable in the event logger, but you should definately switch to a different setup for your file sharing needs; I'd recommend FTP and setting up multiple user accounts; this way you're also able to control source IP, directory permissions, etc. If you'd like to go all out, check out vandyke.com and get SecureFX for your friends, then set up SFTP or FTP/SSHv2 for encrypted login/password credentialing as well as encrypted data over the wire. HTH.
 


<< NetBIOS across a public network is an absolute security nightmare. Leaving shares openly exposed to the Internet, regardless of if you've password-protected them or not, is absolutely asking for trouble. There exist brute force password checking tools that send the SMB protocol to its knees with dozens of password guesses per second, and to my knowledge [this may have changed in XP] none of that is logged/audited. anywhere. Perhaps configurable in the event logger, but you should definately switch to a different setup for your file sharing needs; I'd recommend FTP and setting up multiple user accounts; this way you're also able to control source IP, directory permissions, etc. If you'd like to go all out, check out vandyke.com and get SecureFX for your friends, then set up SFTP or FTP/SSHv2 for encrypted login/password credentialing as well as encrypted data over the wire. HTH. >>



Thats a great response. As well as password guessing programs, there wa sa program out there that would capture and replay authentication over the network. This would cause havoc with networks. Just another reason smb over the net is a *BAD* idea. 🙂
 
yeah, Operating Systems with weak protocol stacks [read: NT4 pre SP3] have easily predictable sequence numbers that provide for relatively easy connection hijacking. More fun to use on telnet sessions than to capture netbios credentials though 🙂 I believe netbios actually sends the file data while performing a transfer via UDP [137/udp?] not sure, I'll have to brush up on the RFC.
 


<< yeah, Operating Systems with weak protocol stacks [read: NT4 pre SP3] have easily predictable sequence numbers that provide for relatively easy connection hijacking. More fun to use on telnet sessions than to capture netbios credentials though 🙂 I believe netbios actually sends the file data while performing a transfer via UDP [137/udp?] not sure, I'll have to brush up on the RFC. >>



hunt was fun to play with.
 
webmitm - HTTP / HTTPS monkey-in-the-middle
webmitm transparently proxies and sniffs HTTP / HTTPS
traffic redirected by dnsspoof(8), capturing most "secure"
SSL-encrypted webmail logins and form submissions.

kinda makes you uneasy about doing bank transactions over 'secure' http, eh? 🙂
 


<< webmitm - HTTP / HTTPS monkey-in-the-middle
webmitm transparently proxies and sniffs HTTP / HTTPS
traffic redirected by dnsspoof(8), capturing most "secure"
SSL-encrypted webmail logins and form submissions.

kinda makes you uneasy about doing bank transactions over 'secure' http, eh? 🙂 >>



Thats why I dont do any online banking 😉

I wouldnt be sshing into machines if it wasnt necessary. Definitely never use telnet, and only ftp within my network when the files are LARGE and/or MANY.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top