RE: Winnuke

Phil Thomas ( )
Mon, 12 May 1997 11:20:48 -0700

Look you can unbind netbios or create a filter, but you will lose
some inner LAN connectivity between Microsoft based machines. The
solution is simple, if you have access to your router enable a filter
to deny all udp/tcp packets on port 139.

Now the long term to solution, After spending some $$$ one of their
software engineers have found that there is a bug in NT and has
submitted a bug report to Microsoft. Now he claims that Microsoft will
be working on a patch to fix this problem, and if and when it becomes
available it will be posted on their ftp server. I will keep you guys
up to date on a solution when it becomes available.

Philip Thomas, Operations Engineer
Amber Communications Incorporated 702.786.5900 fax 702.786.5541

-----Original Message-----
From: Andras Tudos - Computronic, C3
Sent: Monday, May 12, 1997 9:56 AM
Subject: RE: Winnuke

Isn't it enough to unbind Netbios from TCP/IP in the Network Control
(and use IPX or Netbeui on the LAN)?

We are using NT servers for all kind of Internet services (as an ISP)
have many links to the outside world, so it is not possible (or not
to filter on the router level. And we need to be crash safe from our
users as well...

There is a security option in the Network control panel (NT4) as
anyone has experience with that? It seems that I would have to specify
allowed ports and cannot filter out only what I want.

We were already attacked, so I need a solution urgently...

Andras Tudos
Computronic, C3
Budapest, Hungary

NTISP Mailing List