Chapter 9. Assessing Windows Networking Services
This chapter focuses squarely on Windows NetBIOS and CIFS services that are used in corporate networks to provide access to SMB for file sharing, printing, and other useful functions. If these services aren’t configured or protected correctly by network filtering devices, they can be used to great effect to enumerate system details and cause a complete network compromise.
Microsoft Windows Networking Services
Microsoft Windows networking services use the following ports:
loc-srv 135/tcp loc-srv 135/udp netbios-ns 137/udp netbios-dgm 138/udp netbios-ssn 139/tcp microsoft-ds 445/tcp microsoft-ds 445/udp
Port 135 is used for RPC client-server communication; ports 139 and 445 are used for authentication and file sharing. UDP ports 137 and 138 are used for local NetBIOS browser, naming, and lookup functions.
SMB, CIFS, and NetBIOS
The Server Message Block (SMB) protocol can facilitate resource sharing in Microsoft Windows environments. Under Windows NT, SMB is run through NetBIOS over TCP/IP, which uses UDP ports 135, 137, and 138 along with TCP ports 135 and 139. With Windows 2000, Microsoft added CIFS support, which provides full SMB access directly through TCP and UDP port 445 (as opposed to using a variety of UDP and TCP ports). Many system administrators diligently filter access to ports between 135 and 139, but have been known to neglect port 445 when protecting Windows 2000 hosts.
Microsoft RPC Services
The Microsoft RPC endpoint mapper ...
Get Network Security Assessment now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
