Peeping Through Port 139
Joab Jackson, City Paper (Baltimore)
May 4, 2000
I couldn't believe it. There, before me on my computer screen, was a
directory filled with family photos, labeled by name. I could have
looked at pictures of these folks if I'd cared to. It wasn't my
family, though, and these photos weren't on my computer. I had no idea
whose computer they were on, but I guessed it was someone in my
apartment building, and that they hadn't a clue I was spying on them.
Many of us here in my building get Internet access through cable
modems. Few know of the security risks. Now that high-speed access to
the Internet can be had through cable and digital subscriber lines
(DSL), security holes are easier to exploit. They're easy to fix too,
but few are, probably because few people know about the breaches in
the first place. Certainly, the cable guy who hooked me up never told
me that Windows, in effect, offers an Internet party line to my hard
drive. I'm guessing that at least three of my neighbors weren't
informed either.
How easy is it to tap into a neighbor's computer if it isn't secured
properly? Insanely easy, I learned after a recent night of
experimenting. It doesn't take any networking savvy -- just the right
program and some anti-social attitude.
One such program is called SMBScanner. It took me about 10 minutes to
find on the Internet. Like a police scanner monitoring many
frequencies, this software rolls through Internet-protocol (IP)
numbers (Internet addresses of nine digits separated by periods, the
online equivalent to phone numbers), checking for open ports on
computers. Now, a cable company like the one I use usually reserves
blocks of successive IP numbers for customer use. So I figured my
neighbors would have numbers nearly identical to mine, probably
varying only in the last two digits. SMBScanner paid a visit to each
of these addresses, checking to see if port 139 -- the connection
point computers often use to network with one another -- was open.
Within minutes, it found three.
From there, it was just a matter of employing the operating system's
user-friendly ability to "map" another computer's hard drive to its
own file system. This was a snap, given that two of the three
computers had no password protection whatsoever. One poor user
actually had a printer online. I pondered printing him or her a page
reading YOU'VE BEEN HACKED! But what good would such a missive be if I
couldn't enjoy the other person's surprise upon receiving it? Anyway,
it was probably best to remain in stealth mode for this fact-finding
mission. So I mapped someone else's C drive instead, giving me access
to its contents. And that's when I found the directory named "Family
Photos."
That's also when I chickened out. I couldn't nerve myself up to
actually look at any of the snapshots. I felt guilty enough already
for having snooped this far. So I disconnected. My point was made. I
didn't actually want to peer into somebody else's computer; I just
wanted to see if I could do it.
Anyone who has a high-speed Internet connection (and wants to avoid
having done to them what I nearly did to my neighbors) should take the
ShieldsUp security test offered by the Gibson Research Corp. (GRC,
grc.com), run by computer guru Steve Gibson. It's where I learned
about these vulnerabilities. GRC's Web site tests your computer to see
what ports it can wiggle into. It's an eyeopener.
How does this happen? It's a weird amalgamation of factors, a snafu
that only surfaces when home networking, dedicated Internet lines, and
people's steadfast refusal to use passwords are combined.
Start with someone tying two computers together. According to GRC,
when "Microsoft's networking client is installed, a default setting
which would have protected many millions of computers if it were
normally set to 'off' is instead set to 'on.'" Upshot? A home network
is left open to the entire Internet. What is odd about this is that it
is totally unnecessary. This option was set to "on" only to save
Microsoft in customer-service calls, the Gibson site contends.
Until recently, the pitfalls of home networking were limited, as most
networked Netters went online with dial-up connections, which were
assigned IPs more randomly. They remained online for limited periods
of time and so were harder to pinpoint. But as more people set up
networks and use connections that are always "on," it is starting to
make for a lot of sitting ducks.
And there are a lot of clandestine hunters out there. Here are
computers that remain online for long stretches of time, with easily
discoverable IP numbers. What better place than on somebody else's
computer to spend some time nosing around, looking for free software
or just some neighborly dish?
I asked a system administrator who, up until fairly recently, used to
work for an Internet service provider, about port scans. How much did
he used to see, I wondered. "The amount was staggering," he responded
by e-mail -- about once a minute, some unknown computer cracker would
test the lines, looking for an in. The friend's employer blocked that
sort of traffic from reaching its customers, at least that from folks
with other ISPs. It didn't stop this company's customers from snooping
on each other, though, as I'd snooped on my neighbors.
GRC provides an easy explanation of how to secure port 139. All it
involves is a few points and clicks. The biggest challenge is letting
people know.
-------------------------------------------------------------------
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|
