Translated an article about network security

 

 

1.     Introduction

 

Briefly, the dump of network traffic represents the process of establishing a TCP connection between two machines via the NetBIOS session service, using the SMB protocol. The report first gives a general description of the problems identified, focusing on weak protocols and the vulnerabilities they cause. The main body then describes the packets in detail and proposes solutions to the problems identified. The conclusion gives a general review of which problems have been found and solved.

1.1       Outline of identified problems

1.     According to packets 1 to 3, the source computer detects that the target host has TCP port 139 open (it serves the NetBIOS session service) and successfully connects to the TCP session service. Assuming that the performer is an attacker attempting to access the remote system with unlawful intent, an open port 139 on the target host can be thought of as an unlocked door. It results in underlying security risks because several attacks can be performed against NBSS, brute-forcing user passwords, for instance (Chris McNab, 2007). More details are discussed later.

 

2.     As packets 4 and 5 show, the client NetBIOS name has been registered and the server NetBIOS name is also known. Assuming that the malicious performer intends to vandalise the target host, attacking the NetBIOS name service is one way to do it. Because the protocol is unauthenticated, the performer can easily send either a conflicting NetBIOS name or Name-Release-Requests to the server in order to launch a denial of service. For example, the vulnerability can lead to “intermittent connectivity problems, or the loss of all NetBIOS functionality” (Andrew Blyth, 2009_1).

 

3.     Regarding the SMB dialect agreement in packets 6 and 7, the server selects a challenge/response authentication mode, which is generally considered an effective defence against eavesdropping attacks. However, according to Stuart McClure et al. (2003_1), some password-guessing tools such as L0phtcrack can recover the hash value itself by capturing challenge/response traffic and then crack the password with their password-cracking engine. Because the hash algorithm is weak, the LM hash is easy to obtain. Moreover, L0phtcrack allows attackers to work offline, which means their account would never be locked out even if the lockout threshold has been met. More details are given in the main body.

 

4.     A real attack can be carried out after authenticating with NetBIOS, for example a privilege escalation attack: several tools such as “HK” and “PipeUPAdmin” can escalate user logon permissions to the Administrators group to obtain the ultimate privilege (Stuart McClure et al., 2003_2). In our case (packets 8 and 9), however, the Session Setup ANDX request packet contains a null username and password, which is also known as an anonymous login. Once the named pipes (one of the IPC methods) are created by the server, the performer can easily access the hidden "IPC$" share. Although the privilege of the anonymous login is very limited, some information can still be gleaned, for example the NetBIOS name list via the PIPE/LANMAN service. Last but not least, accessing the hidden "IPC$" share with anonymous privilege will not make the security issue worse; however, if one day an attacker cracks a username and password with logon permission (not Admin privilege), the named pipe vulnerabilities would be used to gain the ultimate privilege.

 

 

 

2.     Main body

 

2.1 Packet description

According to the first three packets, the client (193.63.129.192) sends TCP packets to the target host in order to establish a TCP connection with the server (193.63.129.187). This process is the three-way TCP handshake. In the first packet, the client sends an initial SYN packet (SYN=0xF1908361, ACK=0) to the server to synchronize the sequence number. The second packet indicates that the server has received the initial packet and responds with its own SYN+ACK packet (SYN=0x7CFB7BBA, ACK=0xF1908361+1). In the third packet, the client sends the ACK packet (ACK=0x7CFB7BBA+1) back to acknowledge the packet which was just sent by the client. With that, the three-way handshake is complete and a TCP connection has been established between the client and the server. Meanwhile, the performer can easily identify that port 139 (NetBIOS session) is open on the target host. (TCP three-way handshake established)

 

According to packet 4, the client sends a NetBIOS session request packet containing the client and server NetBIOS names over the TCP connection. This operation can be considered the client CALLING the server (the client NetBIOS name is the calling name, the server NetBIOS name is the called name). In the coursework document, the hexadecimal content of packet 4 has been rendered as ASCII on the right-hand side. The ASCII string “EKDEC… & EKDECNEJF…” is the mangled form of the client and server NetBIOS names. Applying the algorithm's rule (Andrew Blyth, 2009_1) shows that the server's unique NetBIOS name is J4-ITRL-14 and the client NetBIOS name is J4-ITRL-19. It is important to notice that a PUSH flag (***AP***) has been set in order to push the data through. According to RFC 793 (IETF, 1981), a PUSH flag should be set and implemented on “SEND calls” in order to avoid data aggregation. In packet 5, the server replies with a 4-byte packet. The hex “82” (IETF, 1987) inside the packet represents a positive session response, which means the server NetBIOS is accessible. At this point the client has established the NetBIOS session successfully.

 

In packet 6, the client sends the initial SMB packet, an “SMB_COM_NEGOTIATE” (0x72) command, with a list of SMB dialects so that the two sides can agree on which dialect to use. There are 8 different dialect versions on the list (counted from 0 to 7). In packet 7, the server replies with an acceptable dialect: the parameter word (0x07) is the array index that corresponds to NT LM 0.12. In addition, the server sets a security mode (0x03). After converting it into binary (the lowest bit = 1), we can easily identify that the server selects “User Level” security to operate. Meanwhile, the “LM Challenge/Response” mode has been selected by the server for authentication (the second-lowest bit = 1). The packet also contains a random 8-byte challenge, 0x103F5ED8E2243A26, and the encrypted key length is 8 bytes; both relate to authentication, which is discussed later.

 

In packet 8, the client sends an SMB SESSION SETUP ANDX (0x73) request packet to the server [tree connect (0x75) is placed just after the word count (0x03)]. Notice that, according to the SMB parameter field, the account name and password are null (0x00); that is, the client requests anonymous access. In Pad 2, the server requests to establish an IPC$ share on the server (J4-ITRL-14). In response, the server sends a packet containing the accessed service, which is “IPC”.

 

In packet 10, the client sends an SMB transaction packet to execute a “LANMAN” pipe operation on the server in order to enumerate the SMB servers on the network. In packet 11, the server replies with a list of the NetBIOS names (SMB servers) on the network.

 

2.2 Proposed solution to the problems identified

 

2.2.1 Countermeasures: Defending against unlawful NetBIOS session connection

 

Obviously, disabling the NetBIOS session service by closing TCP port 139, or filtering it at the firewall, is the simplest way to prevent attackers from accessing the NetBIOS session services. However, this is not an option in many situations because the service still provides useful functions, for example convenient communication between two trusted machines. If it is not an option, another method is to configure a scope ID to isolate a group of computers and allow only these computers to communicate with each other. Then, when a source computer attempts to CALL a target computer by sending a NetBIOS session request packet, the packet must contain not only a NetBIOS name but also the “Scope ID”; a wrong scope ID results in the target host rejecting the connection. (Simply closing port 139 is not appropriate; the trusted-group approach can be used instead.)

 

2.2.2 Countermeasures: Defending against password guessing

Unfortunately, the aforementioned solution may not stop hackers, since the scope ID is easy to leak or observe. To cover this security gap, another measure is essential: preventing unlawful logins through password cracking. First, most attackers are keen on brute-forcing user passwords, sometimes with the help of related information, so it is necessary to set a strong password that resists password-cracking tools, for example a password containing letters (uppercase and lowercase), numbers and symbols. In addition, configure the account lockout policy with a lockout threshold, so that an account is disabled once the threshold has been reached. Moreover, Scambray and McClure (2001) suggest that the Administrator account name should be changed because it is a widely known standard account, which guarantees the attacker at least a correct account name when guessing passwords; additionally, the Administrator account is not affected by the lockout threshold even when the threshold is exceeded. Therefore, making the Administrator account name “invisible” is essential.

 

2.2.3 Countermeasures: Defending against L0phtcrack

 

Password guessing usually takes a long time and has become increasingly complicated as most individuals have come to realise the importance of computer system security. However, some attackers would never give up. Nowadays most SMB servers use the LM challenge/response authentication mode against eavesdropping attacks. However, as mentioned before, L0phtcrack can capture the challenge and the hash based on challenge encryption from the network traffic, and then brute-force the password with its password-cracking engine. Mcse, P and Sheldon T (2001, p43) state that ‘Data encryption is your best bet to preventing eavesdroppers from easily viewing and transmitted data.’ Data encryption allows each packet to be encrypted so that eavesdroppers cannot glean sensitive information through sniffing; if attackers are not able to obtain the challenge, L0phtcrack would be useless. However, this solution depends on a bridge or router device being installed. If that is not an option, another can be adopted: configuring a security level for LAN Manager authentication. According to article ID Q239869 published by Microsoft (Microsoft article, ID: Q239869, 2007), six levels are available for users to choose from; Stuart McClure et al. (2003_3) suggest selecting at least level 2, because the challenge hash will then not be captured by challenge-response. Although L0phtcrack can still perform cracking by importing a captured password hash, it will take a large amount of time which may get the result before attackers lose patience.

 

             

2.2.4 Countermeasures: Defending against NetBIOS Name attacks

 

NetBIOS names are easy to attack since UDP 137 is an unauthenticated protocol. To avoid Name-Release-Requests, we can modify the registry by adding the value name NoNameReleaseOnDemand under the key:

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/NetBT/Parameters

After the modification, the server will not release its NetBIOS name when it receives a Name-Release-Requests command.

Frankly, “rookie” users are not expected to modify the registry, as incorrect registry editing may lead to a number of security issues and may leave users no choice but to reinstall the OS.

Microsoft has released a series of patches to resolve this “spoofing” vulnerability. Internet Protocol Security (IPSec) is used by Windows 2000 and later versions. IPSec permits a user to establish authentication on UDP port 137; by default, any unauthenticated broadcast would be blocked by IPSec filters.

2.2.5 Countermeasures: Named pipes attacks

 

Let's assume that a source computer has already established a NetBIOS session connection and has been authenticated by the target computer. Named pipes allow an attacker to access the remote machine and execute several operations for different purposes, for example cracking passwords by accessing the SAM password database. It seems very difficult to stop attackers from accessing the file system once they are authenticated by the server and know the pipe path. Fortunately, in terms of security, named pipes would not make things worse, since even without them attackers can still access what they want. However, some attackers use named pipes to escalate to administrator privilege by attaching arbitrary code to a named pipe just before the SYSTEM security context starts; once the named pipe is attached, the arbitrary code runs with SYSTEM privilege, and attackers can add the current user account to the Administrators group with the PipeUpAdmin tool. Stuart McClure et al. (2003_4) provide a solution against this bug, which is installing a Microsoft patch that changes the method of creating and allocating named pipes.

 

2.2.6 Countermeasures: Anonymous login attacks

 

Anonymous login allows users to access the IPC$ share without providing a username and password. In this way, a number of malicious users bypass authentication in order to enumerate information. We can easily prevent attackers from enumerating information by modifying the RestrictAnonymous DWORD in the registry, changing its value to 00000001. In addition, users can simply filter port 139 if they do not want to use its services.

3.     Conclusion

 

Regarding the dump of network traffic in the document, several problems have been identified that stem from weak protocols and their vulnerabilities. The report also provides proposed solutions. NetBIOS offers several services and is constantly attacked because port 139 is a high-risk port. However, it cannot be closed or filtered in most situations because of its benefits. If closing it is not an option, users should consider increasing its security by fixing each vulnerability of the protocol individually. For example, setting a scope ID can stop attackers at an external site from communicating with certain machines. Enforcing a strong password is a good method against brute-forcing.

In addition, software suppliers should carry out a strict security evaluation before their products are released to the market. Early OS versions, for instance, include only the share-level SMB authentication mode, so attackers can easily obtain sensitive information by capturing packets. Last but not least, how to stop hackers before they attack should be considered an important topic for the relevant departments to discuss.

 

 —————————————————————————————————————————————

 

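1. Introduction

Simply put, the network traffic dump is a process in which two computers establish a TCP connection through the NetBIOS session service, based on the SMB protocol. This article first gives an overview of the weaknesses of the relevant protocols and the vulnerabilities they cause. Then, in the main body, the packets are analysed in detail and solutions to the problems are proposed. Finally, the conclusion summarises the problems and their solutions.

1.1       Problems identified

1.        Packets 1 to 3 show the two computers establishing a TCP connection. The source computer detects that the target host has opened TCP port 139 (the port used for the NetBIOS session service) and successfully connects to the TCP session service. If an attacker accesses the remote host by illegal means, port 139 acts like an unlocked door that exposes the remote host. This clearly creates potential security problems in the NetBIOS session service. For example, an attacker can easily obtain account passwords by brute force.

2.        Packets 4 and 5 are the first step of the two computers establishing an SMB session. Here the NetBIOS names of both the client and the server are known. If an attacker wants to damage the target host, attacking the NetBIOS name service easily achieves that goal. Because the protocol itself has no authentication mechanism, an attacker can freely send conflicting NetBIOS names or NetBIOS name release requests to the server to cause a denial of service on the server. This flaw can lead to intermittent connectivity problems, or even the loss of NetBIOS functionality.

3.        Packets 6 and 7 are the second step of the two computers establishing an SMB session. To keep the transmission secure, the server uses an authentication mode called “challenge/response”. In challenge/response, the host first generates an unpredictable random number or similar value as the Challenge and sends it to the user. After receiving the challenge, the user side adds user identification information such as the password and uses a hash or encryption to compute a value that is returned to the host (the Response). The host performs the same hash computation using the registered user identification information and compares the result with the response returned by the user. When the two match, the user is considered genuine. This method effectively prevents eavesdropping attacks. However, some password-guessing tools, such as L0phtcrack, can capture the challenge/response traffic and hash it. This is due to a flaw in the hash algorithm itself: the LM hash is easy to obtain. Moreover, L0phtcrack allows the attacker to work offline, which means that locking out the attacker's account through a logon threshold becomes unlikely.

4.        Packets 8 and 9 are the third step of the two computers establishing an SMB session. Its main job is authentication. Real attacks may take place after this authentication succeeds, for example privilege escalation attacks. Tools such as “HK” and “PipeUPAdmin” can raise a user's logon privileges to the Administrators group and obtain the ultimate privilege. In this example, packet 8 logs on with an empty username and password, which is the so-called anonymous login. In this mode, once a named pipe (an inter-process communication mechanism) is created by the server, the attacker can easily access the hidden "IPC$" share. Although the privileges of an anonymous login are limited, some information can still be collected; for example, the NetBIOS name list can be obtained through PIPE/LANMAN. Although anonymous access to the hidden "IPC$" share does not cause more serious security problems, if an attacker obtains the ultimate privilege through named pipe flaws, the damage is hard to estimate.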

 

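2.  Main body

2.1       Packet analysis

SMB normally runs on top of the TCP/IP protocol suite. Above the TCP layer there is usually a NetBIOS (NBT) header. Above NBT is the SMB base header. Above the SMB base header is another header that depends on the specific request command. So the structure of an SMB packet is usually as shown in the figure:

TCP Header

NETBIOS Header

SMB Base Header

SMB Command Header

DATA

Figure 1

“SMB Base header”: contains several kinds of information, such as the length of the receive buffer and the maximum number of connections allowed. It also contains a number that identifies the request command.

“SMB Command header”: contains all the parameters of the request command (such as the negotiate protocol version command).

“DATA”: holds the data of the request command.

Packets 1 to 3 show the client and the server establishing a TCP connection:

(1)  First, the client (IP address 193.63.129.192) requests a TCP connection by sending a TCP packet (packet 1) to the server (IP address 193.63.129.187). This is the start of establishing a TCP connection, that is, the first step of the so-called three-way handshake. Packet 1 can be called a SYN message, meaning a request to synchronise the communication sequence. The value of the SYN field in packet 1 is 0xF1908361.

(2)  Then the server sends packet 2 to the client as its reply. Packet 2 can be called a SYN+ACK message. The ACK field in this packet is obtained by adding 1 to the SYN field of the packet received from the client, and the SYN field is generated by the server. In packet 2, the value of the SYN field is 0x7CFB7BBA and the value of the ACK field is 0xF1908361+1.

(3)  Finally, after receiving the server's reply packet, the client extracts its SYN and ACK fields and compares the SYN field value of the SYN message it sent earlier with the received ACK field value. If there is no error, it adds 1 to the received SYN value to form the new ACK, wraps it into packet 3 and sends it to the server; packet 3 is also called an ACK message. On receiving packet 3, the server compares its ACK field value with the SYN value in packet 2 that it sent earlier; once the comparison checks out, the TCP connection is established.

Packets 4 to 8 reflect the three steps of the two computers establishing an SMB session:

(1)  Packets 4 and 5 correspond to the first step of the SMB session connection. First the client requests a NetBIOS session from the server. The client sends its encoded NetBIOS name in packet 4 to the SMB server (which listens for connection requests on port 139). After receiving the NetBIOS name, the server replies in packet 5 with a NetBIOS session datagram for a valid session connection. In the hexadecimal section of packet 4, the first ‘81’ indicates that this is a NetBIOS request packet, and the following ‘44’ is the length of the data bytes (excluding the NetBIOS header), which is 68. A ‘20’ then introduces a NetBIOS name, which ends with ‘00’; two NetBIOS names are included in total. A NetBIOS name is a 15-byte string (padded with spaces if shorter than 15 bytes) with an ASCII code for the type appended at the end (0x0 for a workstation, 0x20 for a server) to make 16 bytes; it is then split into 4-bit halves and the value of the character ‘A’ is added to each, giving 32 bytes for transmission. After conversion, the server name and the client name in packet 4 are J4-ITRL-14 and J4-ITRL-14 respectively. In packet 5, the first ‘82’ indicates that this is a NetBIOS response packet, which shows that the NetBIOS session has been established successfully.

(2)  Packets 6 and 7 correspond to the second step of the SMB session connection. This is a protocol negotiation. The client sends an SMB negprot request datagram (negprot is short for “negotiate protocol”), which lists all the SMB protocol versions it supports. The server selects the version they will use and sends a packet back to the client. The NetBIOS header of packet 6 (00 00 00 AA) shows that this is a session message packet and that the data length is 170 bytes. The next field is “FF 53 4D 42”; the three bytes after “FF”, converted to ASCII, are exactly “SMB”, which marks the start of the SMB header. The following ‘72’ indicates that this is a protocol negotiation packet, in which each protocol name starts with ‘02’ and ends with ‘00’; the client supports 8 protocol versions in total. The first half of packet 7 is similar to packet 6. In the third line of the hexadecimal data, ‘11’ indicates that the SMB command header starting here has 17 parameter fields in total. The following ‘07’ is the index of the protocol version to be used after negotiation, here the NT LM 0.12 version offered in packet 6. The following ‘03’ is the security mode selection, which here means that the DEC encryption algorithm is used for encoding and that the server works in user-level security mode. The packet also contains an 8-byte random challenge, 0x103F5ED8E2243A26.

(3)  Packet 8 corresponds to the third step of the SMB session connection. After the negotiation in the previous step, the client process initiates a user or share authentication with the server. This is done by sending a SesssetupX request datagram (SesssetupX is short for “Session setup and X”). The client sends a login name/password pair or a simple password to the server, and the server then allows or rejects the connection by sending a SesssetupX response datagram. Packet 8 has a structure similar to the previous two packets; the difference is that the data field giving the packet type changes from ‘72’ to ‘73’, where ‘73’ indicates a SesssetupX packet. The parameters also change: the SMB command header of this packet has ‘0d’ parameter fields. Note that among these parameter fields, the username and password fields are empty (0x00), which shows that the client accesses the server anonymously.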
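The session request and reply described for packets 4 and 5 (in section 2.1 of both the English report and this translation) can be decoded mechanically. The following is an added example, not code from the original report: it implements the name mangling rule and the 4-byte NetBIOS session header, and the sample request is constructed from the two names the English report gives (J4-ITRL-14 called, J4-ITRL-19 calling); names with a scope ID are not handled.

```python
import struct

NBSS_TYPES = {0x00: "session message", 0x81: "session request",
              0x82: "positive session response", 0x83: "negative session response"}

def encode_name(name, suffix):
    """First-level encode a NetBIOS name: pad to 15 bytes, append the type
    byte, then turn every 4-bit half into one letter 'A'..'P'."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])
    letters = bytearray()
    for byte in raw:
        letters += bytes([(byte >> 4) + 0x41, (byte & 0x0F) + 0x41])
    # 0x20 = length of the encoded label, 0x00 = end of name (empty scope ID)
    return b"\x20" + bytes(letters) + b"\x00"

def decode_name(field):
    """Reverse encode_name(); returns (name, type_byte)."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("expected 0x20, 32 letters, 0x00 (scope IDs not handled)")
    letters = field[1:33]
    if any(not 0x41 <= c <= 0x50 for c in letters):
        raise ValueError("encoded name contains a byte outside 'A'..'P'")
    raw = bytes(((letters[i] - 0x41) << 4) | (letters[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]

def parse_nbss(packet):
    """Parse one NetBIOS session service packet (RFC 1002 framing)."""
    if len(packet) < 4:
        raise ValueError("truncated NBSS header")
    ptype, flags, length = struct.unpack(">BBH", packet[:4])
    length |= (flags & 0x01) << 16          # low flag bit is the 17th length bit
    body = packet[4:4 + length]
    if len(body) != length:
        raise ValueError("packet shorter than its length field")
    info = {"type": NBSS_TYPES.get(ptype, hex(ptype)), "length": length}
    if ptype == 0x81:                       # called name first, then calling name
        if length != 68:
            raise ValueError("session request without scope IDs must carry 68 bytes")
        info["called"] = decode_name(body[:34])
        info["calling"] = decode_name(body[34:])
    return info

def build_session_request(called, calling):
    """Constructed sample: a request shaped like the one described for packet 4."""
    body = encode_name(called, 0x20) + encode_name(calling, 0x00)
    return struct.pack(">BBH", 0x81, 0, len(body)) + body

if __name__ == "__main__":
    request = build_session_request("J4-ITRL-14", "J4-ITRL-19")
    print(request[:4].hex(), request[5:15].decode())
    print(parse_nbss(request))
    print(parse_nbss(b"\x82\x00\x00\x00"))  # 4-byte reply as described for packet 5
```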
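The negotiate exchange described for packets 6 and 7 (dialect list, dialect index 0x07, security mode 0x03 and the 8-byte challenge) can be checked with a small parser. This is an added example, not code from the original report: the sample messages are constructed, every header field the report does not mention is zeroed, and the 8 dialect strings are an assumed typical list, since the report only says there are 8 dialects and that index 7 is NT LM 0.12.

```python
import struct

SECURITY_MODE_BITS = {0x01: "user-level security",
                      0x02: "challenge/response (encrypted passwords)",
                      0x04: "signing enabled", 0x08: "signing required"}

def split_smb(message):
    """Split an SMB1 message (NetBIOS header removed) into (command, words, data)."""
    if len(message) < 35 or message[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    command, word_count = message[4], message[32]
    words_end = 33 + 2 * word_count
    if len(message) < words_end + 2:
        raise ValueError("truncated parameter block")
    (byte_count,) = struct.unpack_from("<H", message, words_end)
    data = message[words_end + 2:words_end + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("truncated data block")
    return command, message[33:words_end], data

def parse_negotiate_request(message):
    """Return the dialect list offered in an SMB_COM_NEGOTIATE (0x72) request."""
    command, words, data = split_smb(message)
    if command != 0x72 or words:
        raise ValueError("not a negotiate request")
    dialects, pos = [], 0
    while pos < len(data):
        end = data.find(b"\x00", pos)       # each entry: 0x02, name, 0x00
        if data[pos] != 0x02 or end < 0:
            raise ValueError("malformed dialect entry")
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects

def parse_negotiate_response(message, dialects):
    """Decode the 17-word (0x11) NT LM 0.12 negotiate response."""
    command, words, data = split_smb(message)
    if command != 0x72 or len(words) != 34:
        raise ValueError("not an NT LM 0.12 negotiate response")
    index, mode = struct.unpack_from("<HB", words, 0)
    if index >= len(dialects):
        raise ValueError("server chose a dialect the client never offered")
    return {"dialect": dialects[index], "security_mode": mode,
            "flags": [name for bit, name in SECURITY_MODE_BITS.items() if mode & bit],
            "challenge": data[:words[33]].hex().upper()}  # words[33] = challenge length

def build_smb(command, words, data):
    """Constructed sample builder: 32-byte header with all other fields zeroed."""
    header = b"\xffSMB" + bytes([command]) + bytes(27)
    return header + bytes([len(words) // 2]) + words + struct.pack("<H", len(data)) + data

# Constructed sample traffic; the dialect strings are an assumption (see lead-in).
SAMPLE_DIALECTS = ["PC NETWORK PROGRAM 1.0", "XENIX CORE", "MICROSOFT NETWORKS 1.03",
                   "LANMAN1.0", "Windows for Workgroups 3.1a", "LM1.2X002",
                   "LANMAN2.1", "NT LM 0.12"]
SAMPLE_REQUEST = build_smb(0x72, b"", b"".join(
    b"\x02" + d.encode("ascii") + b"\x00" for d in SAMPLE_DIALECTS))
SAMPLE_RESPONSE = build_smb(0x72, struct.pack("<HB", 7, 0x03) + bytes(30) + b"\x08",
                            bytes.fromhex("103F5ED8E2243A26"))

if __name__ == "__main__":
    offered = parse_negotiate_request(SAMPLE_REQUEST)
    print(len(SAMPLE_REQUEST), offered)
    print(parse_negotiate_response(SAMPLE_RESPONSE, offered))
```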

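2.2       Solutions to the problems

2.2.1 Defending against illegal session connections

Obviously, attacks through the NetBIOS service can be prevented by disabling the NetBIOS session service or filtering it at the firewall. But this approach is passive, because the NetBIOS service does bring a great deal of convenience. To keep enjoying that convenience, it is better to look for other ways to prevent attacks. One workable approach is to set a scope ID that isolates a group of computers and allows only computers within the group to communicate. Then, if a source computer wants to access a target computer through a NetBIOS session request, it must send the scope ID in addition to the NetBIOS name. If the scope ID it sends is wrong, the connection request is rejected.

2.2.2 Defending against password guessing

However, the method above cannot stop hackers, because the scope ID is easily cracked or leaked. To prevent attackers from logging in illegally by cracking passwords, another method can be used. Most attackers use brute force, guided by related information, to obtain passwords. To keep a password from being guessed, we can set a more robust password by increasing its length and the variety of characters used, which raises its complexity. In addition, a threshold on the number of logon attempts can be set; when the attacker's password attempts exceed the threshold, the account is locked. Furthermore, a CAPTCHA mechanism, which randomly generates a set of symbols that are hard for a computer to recognise at logon in order to confirm that the person trying is human, can also effectively prevent attackers from attempting to guess passwords.

2.2.3 Defending against attacks using L0phtcrack

As the public's awareness of network security has risen, people tend to set important passwords to be very complex. This makes password guessing much harder, so attackers have turned to other methods. Most SMB services now use the LM challenge/response authentication mode to prevent eavesdropping attacks. As mentioned earlier, the L0phtcrack tool can obtain from network traffic the challenge and the hash produced by encrypting that challenge, and then brute-force the password with its password-cracking engine. To prevent this kind of attack, we can use data encryption. Data encryption allows every packet to be encrypted, which makes it hard for an attacker to obtain sensitive information from network traffic with a sniffer. If the attacker cannot obtain the challenge, L0phtcrack becomes useless.

2.2.4 Defending against NetBIOS name attacks

Because the UDP 137 protocol used by the NetBIOS session service has no authentication mechanism, attackers can also attack through NetBIOS names. To prevent attacks that use name release requests, on Windows we can modify the registry. Under

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/NetBT/Parameters

add the value: NoNameReleaseOnDemand

After this change, the server will not release its NetBIOS name when it receives a name release request. In addition, Microsoft has released a series of patches to prevent this kind of attack. “Internet Protocol Security (IPSec)”, introduced starting with Windows 2000, is one such targeted patch. IPSec allows users to establish an authentication mechanism on UDP port 137, so that by default broadcast messages without authentication information are filtered out by IPSec filters.

2.2.5 Defending against named pipe attacks

Suppose a NetBIOS session connection has already been established between the source computer and the target machine and authentication has succeeded. Named pipes then allow the attacker to access the remote computer and perform operations on it. For example, they can crack passwords by accessing the SAM password database. It appears that once an attacker has been authenticated by the server, it is very hard to stop them from causing damage at will through access to the file system. In particular, some attackers escalate their privileges by attaching additional code to a named pipe before the server's system security context starts. Once this code is executed with system privileges, the attacker can use tools such as PipeUpAdmin to raise the current user's privileges to administrator level. To deal with this named pipe bug, we can install the patch provided by Microsoft that changes the way named pipes are created and allocated.

2.2.6 Defending against anonymous login attacks

Anonymous login allows an attacker to access the IPC$ share without authentication. This lets some malicious users bypass authentication and publish illegal information. We can easily prevent this attack by modifying the registry: change the RestrictAnonymous DWORD entry, setting its key value to 00000001.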

 

              

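3.  Conclusion

This article has described and analysed authentication problems in the network traffic dump that stem from protocol flaws and the vulnerabilities they cause. It has also proposed solutions to those problems. NetBIOS provides a variety of useful services, but it carries security risks because port 139, which it uses, has no authentication mechanism. To use it safely, we need to patch our protocols against each of its different flaws.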

 

 

 

 

 

 

 

 
