Team Asylum Security Copyright (c) 1999 By CyberSpace 2000 http://www.cyberspace2000.com/security Source: Don Sausa [don@cyberspace2000.com] Alert Date: 07/01/99 Release Date: 07/11/99 Affected -------- - Windows 3.xx/9x users on networks with shares enabled. Cable modem/DSL users are the primary focus of this advisory. Alert Description ----------------- Cable modem/DSL users using Windows with shares enabled can allow unauthorized users to access their data. Password protected shares are also susceptible to brute force attacks. Vulnerability Summary --------------------- A malicious user in a cable modem network can use a port/OS scanner to scan the network for Windows users and can then start accessing those systems that have shared folders. Using Start -> Find -> Computer or Network Neighborhood in Windows 95/98, one could easily access the computers with shares enabled. Furthermore, crackers can use brute force to guess passwords if such protection is enabled on the shares. There are no means of logging brute force attacks by Windows. These issues are known and have been addressed in the past by Microsoft as early as 1995. However, in the age of cable modems and DSL networks, alerts must be continued to re-educate new computer users using these new medias. Fix --- File and Printer Sharing for Windows is not on by default. Users are encouraged to disable file/printer sharing if they go online with their cable modem (NIC card) or other means of communication through the Internet or unprotected networks. Disable file/printer sharing for Windows 95/98, follow the steps below: [Start] -> Settings -> Control Panel -> Network -> File / Printer Sharing Turn both Microsoft and NetWare Networks off. Please note this is not on by default. You may also use password protection for your shares. Simply use Windows Explorer and Right Click -> Sharing. Windows 95 users please download updates for File and Printer Sharing through http://www.microsoft.com. Special Thanks -------------- Joe Graham should be credited for the original cable modem bug report, Jim Starowitz and Mark Gierach for their cable modem testing, and Geoff Goas for assisting in the assessments.