Bibliography

[1] Implementing CIFS: http://www.ubiqx.org/cifs/

[2] The Cable Guy TechNet column: http://www.microsoft.com/technet/community/columns/cableguy/default.mspx

[3] Windows Network Data and Packet Filtering: http://www.ndis.com/papers/winpktfilter.htm

[4] NAT Clients Cannot View Web Sites After You Install SQL 2000 SP2 or SP3 on an RRAS Server: http://support.microsoft.com/?id=324288

[5] Netstat Does Not Display Listening TCP Ports: http://support.microsoft.com/?id=131482

[6] App Request UDP Only, "Netstat -an" Displays TCP and UDP: http://support.microsoft.com/?id=194171

[7] The NETSTAT Command Incorrectly Shows Ports in Listening States: http://support.microsoft.com/?id=331078

[8] hping: http://www.hping.org/

[9] Netcat for NT 1.11: http://www.vulnwatch.org/netcat/

[10] TDIMon: http://www.sysinternals.com/Utilities/TdiMon.html

[11] Local Host Monitor 1.1: http://www.ntkernel.com/w&p.php?id=24

[12] HOW TO: Determine Which Program Uses or Blocks Specific Transmission Control Protocol Ports in Windows http://support.microsoft.com/?id=281336

[13] The netstat command can now display process IDs that correspond to active TCP or UDP connections in Windows 2000: http://support.microsoft.com/?id=907980

[14] TCPView: http://www.sysinternals.com/Utilities/TcpView.html

[15] Network Ports Used by Key Microsoft Server Products: http://www.microsoft.com/smallbusiness/support/articles/ref_net_ports_ms_prod.mspx

[16] fport: http://www.foundstone.com/knowledge/proddesc/fport.html

[17] NT port binding insecurity: http://www.insecure.org/sploits/NT.port-binding-vulnerability.html

[18] socat - Multipurpose relay: http://www.dest-unreach.org/socat/

[19] NT needs privileged ports: http://discuss.microsoft.com/SCRIPTS/WA-MSD.EXE?A2=ind9802b&L=cifs&P=738

[20] Enabling NetBT to Open IP Ports Exclusively: http://support.microsoft.com/?id=241041

[21] Applications May Be Able To "Listen" on TCP or UDP Ports: http://support.microsoft.com/?id=194431

[22] Using SO_EXCLUSIVEADDRUSE: http://msdn.microsoft.com/library/en-us/winsock/winsock/using_so_exclusiveaddruse.asp

[23] BUG: Non-administrator users cannot set the SO_EXCLUSIVEADDRUSE option on the Winsock setsockopt API call: http://support.microsoft.com/?id=870562

[24] Windows Packet Capture Library: http://www.winpcap.org/

[25] Atelier Web Ports Traffic Analyzer: http://www.atelierweb.com/pta/index.htm

[26] HOW TO: Install Microsoft Loopback Adapter in Windows 2000: http://support.microsoft.com/?id=236869

[27] SMB: The Server Message Block Protocol. http://www.ubiqx.org/cifs/SMB.html

[28] NBT: NetBIOS over TCP/IP: http://www.ubiqx.org/cifs/NetBIOS.html

[29] Samba-TNG: http://www.samba-tng.org/

[30] Direct Hosting of SMB Over TCP/IP (Q204279): http://support.microsoft.com/?id=204279

[31] NetBT and raw SMB transport: http://www.hsc.fr/ressources/presentations/sambaxp2003/slide6.html

[32] RPC: Remote Procedure Call Control Specification Version 2: http://www.ietf.org/rfc/rfc1831.txt

[33] DCE 1.1: Remote Procedure Call: http://www.opengroup.org/onlinepubs/9629399/

[34] A brief history of Windows: http://www.advogato.org/article/596.html

[35] DCE 1.1: Remote Procedure Call - Introduction to the RPC API: http://www.opengroup.org/onlinepubs/9629399/chap2.htm#tagfcjh_2

[36] WinObj: http://www.sysinternals.com/Utilities/WinObj.html

[37] RPC tools: http://www.bindview.com/Support/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm

[38] PipeList: http://www.sysinternals.com/Information/TipsAndTrivia.html

[39] Filemon for Windows: http://www.sysinternals.com/Utilities/Filemon.html

[40] npfs aliases: http://www.hsc.fr/ressources/presentations/sambaxp2003/slide21.html

[41] ifids: named pipes endpoints: http://www.hsc.fr/ressources/presentations/sambaxp2003/slide24.html

[42] PipeACL tools v1.0: http://www.bindview.com/Support/RAZOR/Utilities/Windows/pipeacltools1_0.cfm

[43] Win32 Pipe Security Editor Windows NT/2000/XP: http://www.beyondlogic.org/consulting/pipesec/pipesec.htm

[44] LogonSessions v1.1: http://www.sysinternals.com/utilities/logonsessions.html

[45] You Can Use The Llsrpc Named Pipe to Add or Delete Licenses and Create New License Groups: http://support.microsoft.com/?id=815458

[46] Vulnerability in the License Logging Service Could Allow Code Execution (885834): http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx

[47] Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) http://www.microsoft.com/technet/security/bulletin/ms06-008.mspx

[48] Windows 2000, Null Sessions and MSRPC: http://www.bindview.com/support/Razor/Presentations/

[49] UserInfo and UserDump tools: http://www.hammerofgod.com/HaxorCons.htm

[50] ACL tools v1.0: http://www.bindview.com/Support/RAZOR/Utilities/Windows/acltools1.0-readme.cfm

[51] Private objects security auditing (LogAnalysis mailing list): http://sisyphus.iocaine.com/pipermail/loganalysis/2003-July/002104.html

[52] The Ethereal Network Analyzer: http://www.ethereal.com/

[53] Samba 4 IDL for the lsarpc interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/lsa.idl?view=markup

[54] Samba 4 IDL for the dssetup interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/dssetup.idl?view=markup

[55] Samba 4 IDL for the samr interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/samr.idl?view=markup

[56] Samba 4 IDL for the netlogon interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/netlogon.idl?view=markup

[57] Samba 4 IDL for the eventlog interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/eventlog.idl?view=markup

[58] Samba 4 IDL for the netdfs interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/dfs.idl?view=markup

[59] Samba 4 IDL for the srvsvc interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/srvsvc.idl?view=markup

[60] Samba 4 IDL for the svcctl interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/svcctl.idl?view=markup

[61] Samba 4 IDL for the winreg interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/winreg.idl?view=markup

[62] Samba 4 IDL for the wkssvc interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/wkssvc.idl?view=markup

[63] Ethereal SVN repository: http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/

[64] Windows Workstation Service Remote Buffer Overflow: http://www.eeye.com/html/Research/Advisories/AD20031111.html

[65] Buffer Overrun in the Workstation Service Could Allow Code Execution (828749): http://www.microsoft.com/technet/security/bulletin/ms03-049.mspx

[66] Samba 4 IDL for the spoolss interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/spoolss.idl?view=markup

[67] Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423): http://www.microsoft.com/technet/security/bulletin/ms05-043.mspx

[68] Minimizing Windows network services: http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html

[69] dcedump (part of the SPIKE toolkit): http://www.immunitysec.com/resources-freesoftware.shtml

[70] Endpoint Mapper Interface Definition: http://www.opengroup.org/onlinepubs/009629399/apdxo.htm#tagcjh_35

[71] Distributed Component Object Model Protocol -- DCOM/1.0: http://quimby.gnus.org/internet-drafts/draft-brown-dcom-v1-spec-03.txt

[72] Microsoft Debugging Tools: http://www.microsoft.com/whdc/ddk/debugging/default.mspx

[73] Understanding the DCOM Wire Protocol by Analyzing Network Data Packets: http://www.microsoft.com/msj/0398/dcom.aspx

[74] Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability: http://www.securiteam.com/exploits/5CP0N0KAKK.html

[75] Locator Service Buffer Overflow Vulnerability: http://www.nextgenss.com/advisories/ms-rpc-loc.txt

[76] Unchecked Buffer in Locator Service Could Lead to Code Execution (810833): http://www.microsoft.com/technet/security/bulletin/MS03-001.mspx

[77] Windows PopUP SPAM: http://www.mynetwatchman.com/kb/security/articles/popupspam/

[78] Buffer Overrun in Messenger Service Could Allow Code Execution (828035): http://www.microsoft.com/technet/security/bulletin/MS03-043.mspx

[79] Samba 4 IDL for the atsvc interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/atsvc.idl?view=markup

[80] Samba 4 IDL for the drsuapi interface: http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl?view=markup

[81] TCP ports, UDP ports, and RPC ports that are used by Message Queuing: http://support.microsoft.com/?id=178517

[82] Vulnerability in Message Queuing Could Allow Code Execution (892944): http://www.microsoft.com/technet/security/bulletin/ms05-017.mspx

[83] drsuapi MSRPC interface Ethereal dissector: http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-dcerpc-drsuapi.c

[84] Windows Local Security Authority Service Remote Buffer Overflow: http://www.eeye.com/html/Research/Advisories/AD20040413C.html

[85] LSASS Vulnerability - CAN-2003-0533: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

[86] Sasser Worm Technical Analysis: http://www.eeye.com/html/Research/Advisories/AD20040501.html

[87] XCCC: Exchange 2000 Windows 2000 Connectivity Through Firewalls: http://support.microsoft.com/?id=280132

[88] RPC Interfaces That Are Exposed by Secure Mail Publishing in ISA Server 2000: http://support.microsoft.com/?id=304948

[89] How MAPI Clients Access Active Directory: http://support.microsoft.com/?id=256976

[90] Be Wary of Other RPC Endpoints Running in the Same Process: http://msdn.microsoft.com/library/en-us/rpc/rpc/be_wary_of_other_rpc_endpoints_running_in_the_same_process.asp

[91] Process Explorer: http://www.sysinternals.com/Utilities/ProcessExplorer.html

[92] services.exe RPC services: http://www.hsc.fr/ressources/presentations/sambaxp2003/slide26.html

[93] DCE/RPC over SMB: Samba and Windows NT Domain Internals. Luke Kenneth Casson Leighton. Macmillan Technical Publishing, 2000.

[94] RPC Interface Restriction: Changes to Functionality in Microsoft Windows XP Service Pack 2 (Part 2: Network Protection Technologies) http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#EHAA

[95] List of Remote Procedure Call (RPC) fixes in Windows XP Service Pack 2 and in Windows XP Tablet PC Edition 2005: http://support.microsoft.com/?id=838191