Hervé Schauer Consultants
Windows network services internals - HiverCon 03
> Access to the content: HTML (beginning of the presentation), PDF version [3420 KB]
> Description: Windows network services internals: TCP/IP stack, SMB/CIFS and MSRPC implementation
> Context & Dates: Talk given during HiverCon 03, on 6 November 2003.
> Author: Jean-Baptiste Marchand
> Type: [ English - HTML ]
> Abstract & Table of contents
TCP/IP stack
Ephemeral ports
Ephemeral ports range configuration
Ephemeral ports allocation policy
nc.exe: TCP/UDP client or server
Ephemeral ports: TCP clients
Ephemeral ports example
netstat bugs history
netstat bugs: UDP -> TCP (NT 4)
netstat bugs: LISTENING bugs (W2K)
W2K3: LISTENING bug fixed
Identifying processes behind sockets
netstat -o option: XP, W2K3
Lack of privileged ports
TCP Server hijacking
NT4: SMB server hijacking
IIS5 hijacking
IIS5 hijacking: example
TCP duplicate bindings
IIS5 duplicate bindings
Avoiding TCP server hijacking
SMB/CIFS: introduction
SMB transport
SMB transport: NT4 vs W2K
SMB NetBT transport: on the wire
Raw SMB transport: on the wire
SMB implementation
SMB implementation: drivers
SMB implementation: services
SMB bindings
SMB bindings: GUI
SMB bindings: CLI
SMB transport configuration
NetBT: NetBIOS names
SMB transport: raw SMB
SMB transport choice
SMB key concepts
SMB session: examples
Using the redirector
net use: examples
SMB server administration
SMB sessions management
SMB as a transport protocol
MSRPC: introduction
MSRPC transport
MSRPC services classification
Named pipes
Named pipes: W2K
Named pipes: W2K3
npfs aliases
npfs aliases: registry values
DCE RPC remote mgmt interface
ifids: named pipes endpoints
ncalrpc: LPC port endpoints
ifids: LPC ports endpoints
NULL sessions
NULL sessions: access control
NULL sessions: registry values
NULL sessions: implicitly allowed named pipes
NULL session: impersonation token
RPC services: NT 4.0 domains
RPC services: administration tools
RPC-based administration tools
Remote administration: example
MSRPC security: transport protocols
MSRPC security: authentication
RPC authentication: ncacn_ip_tcp
MSRPC implementation quirks
services.exe RPC services: example
RPC services protection
ncalrpc vs ncacn_np
MSRPC vulnerabilities
MSRPC vulnerabilities, cont.
MSRPC vulnerabilities, cont.
MSRPC vulnerabilities, cont.
Messenger RPC service (ncadg_ip_udp)
MSRPC security: conclusion
References: books
References: tools
Reference: Ethereal
References: TCP/IP stack
References: other publications
> Related documents
[Course]  Windows Security
[Tool]  SSToPer tool [A Linux implementation for SSTP client - English]
[Presentation]  Rainbow Tables and accents characters on Windows [31 May 2007 - French]
[Presentation]  Workstation Security [29 March 2007 - French]
[Tip]  Presentation of Alternates Data Stream (ADS) of NTFS [28 October 2005 - French]
[Presentation]  MSRPC NULL sessions - exploitation and protection [29 June 2005 - English]
[Tip]  Windows remote administration tools overview [15 June 2005 - English]
[Article]  Windows log files [6 June 2005 - English]
[Presentation]  Active Directory network protocols and traffic [4 May 2005 - English]
[Tip]  Minimizing Windows Server 2003 network services [6 April 2005 - English]
[Presentation]  Running with least privilege on Windows systems [7 February 2005 - French]
[Presentation]  SSLtunnel for Windows [22 September 2004 - French]
[Presentation]  Active Directory network protocols and traffic [13 September 2004 - French]
[Presentation]  Windows network services [13 January 2004 - French]
[Article]  Windows network services internals [22 October 2003 - English]
[Presentation]  Windows network services for Samba folks [14 April 2003 - English]
[Article]  Security model of Windows systems [14 October 2002 - French]
[Tip]  Minimization of network services on Windows systems [2 September 2002 - English]
[Article]  Windows systems network services - Case study with Windows 2000 and Windows XP [6 June 2002 - French]
[Tip]  Minimizing network services on Windows systems [3 June 2002 - French]
[Tip]  Remote administration of Windows systems (Part 2) - rpcclient [18 February 2002 - French]
[Tip]  Remote administration of Windows systems (Part 1) - SSH [19 November 2001 - French]
[Presentation]  IP filtering and IPsec in Windows 2000 [7 September 2001 - French]
[Presentation]  Microsoft & Security: Beware Danger [13 March 2001 - French]
[Presentation]  Windows NT network flows [24 September 1998 - French]
[Article]  NT4 registers related to security [April 1998 - French]
> Copyright © 2003, Hervé Schauer Consultants, all rights reserved.


Last modified on 17 November 2003 at 18:09:51 CET - webmaster@hsc.fr