If you're filtering outbound traffic in a corporate environment (something I'd recommend), it will stop that sort of thing. Additionally, if you're just a normal dial-up user, you can stop it by opening your connection icon, choose properties, networking, and make sure "File and Printer Sharing for Microsoft Networks" is unchecked, as well as "Client for Microsoft Networks". The first is off by default, the second is enabled by default. If you are a dial-up user, and not on a home LAN, turning off the Workstation service will accomplish the same thing. Additionally, a home user can enable SMB signing, which also defeats the attack. Rolling out SMB signing in a corporate environment is a bit more complicated. > -----Original Message----- > From: thomas.roweat_private > And if you were running WinNT 4 and that referrer pointed to a server > advertising a share, NT would send your username and password > to try to log > you on without your knowledge. It could be grabbed and sent > back to your > machine, logon, and the atttacker would have all rights to > your machince and > network that the ID you're using has. > (as I've mentioned before, MS has known about this hole since > before SP2)
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 10:37:38 PDT