WINS is really DNS on another port down to format of the replies. So anything you could do with DNS (cache poisoning, exploits) can be done on WINS. The port used is 137/UDP which is one part of the netbios suite (from 137-139). Since all your machines advertise themselves as being exploitable MS OS machines with broadcasts on this port, it is inherently very dangerous to do this over the Internet. THe smbclient (or simple NT stuff) would certainly allow them to break passwords unless they use NT challenge respone password checking (this would slow things down but not eliminate it). Why don't they use a VPN tunnel (even MS pptp would be better than nothing) to connect the 2 WINS servers and not allow any netbios over the Internet? Hey folks, So I am currently on a project that involves a number of m$ products; <sigh> "Know thy enemy" is what I always say though. check this: the company has 2 WINS servers, the primary one is in their uptown location. Their secondary is at their downtown location, where I am. So they do WINS resolution _over the INternet_. (no inter-office connectivity except through the net). Is WINS and port 137-139 netbios services the same thing? How the fsck does WINS work anyway? More importantly, how will I pass it through the Gauntlet firewall (plug-gw?) ( is there not the fear that somebody can just use smbclient and a cracked password to access the drives?) Not only that, but they do the Exchange database replication also _over the internet_. needless to say, their setup is fubar. but I have to know how does the m$ sexchange db replication work anyway? (which ports or anything) more importantly, how do I pass it through gauntlet? I believe I might have to just tcpdump on the wire and figure out what's happening, cause RFC1001 and RFC1002 aint fun reading. Suggestions, flames, comments welcome. --Anindya
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:56 PDT