[22319] in bugtraq
Re: HTML email "bug", of sorts.
daemon@ATHENA.MIT.EDU (Thor@HammerofGod.com)
Sun Aug 19 23:25:38 2001
From: Thor@HammerofGod.com
Reply-To: Thor@HammerofGod.com
To: thomas.rowe@bankofamerica.com, BUGTRAQ@securityfocus.com
Cc: Fenris@HammerofGod.com
Message-ID: <00e601c12909$9b707ed0$af05a8c0@anchorsign.com>
Date: Sun, 19 Aug 2001 16:49:27 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

> (as I've mentioned before, MS has known about this hole since before SP2)
> Cheers

... as have the rest of us.

I would not call NTLMSSP's behavior a "hole." It's just doing its job.
Properly configured firewalls block 139/445 at the interface where packets
are routed to public/untrusted networks. You have brought this up a couple
of times here, but I'm not really sure what you are on about. This is
expected, by-design behavior.

While I can conceptualize a configuration where each workstation has a table
of addresses from which to identify possible hosts to authenticate to (an
NTLM LAT if you will), I prefer to save the cycles and have this addressed
where it belongs- at the border (or as close to home as necessary). People
constantly bash Microsoft for not having a "real" operating system, yet
demand to have each potential security issue addressed in the OS itself-
something that would take control further and further away from the admin.

That is the skinny on that.

---------------------------------
Attonbitus Deus
Thor@HammerofGod.Com