Today there is this story about the SMB BSOD. Is it true?
First, here is the full story: http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html
My Windows Versions.
I ran the exploit and yes, there is a BSOD,
but there is no firewall on and everything is wide open. This is on my Windows 2008 R2 RC build 7100.
Even with the firewall on it still gets a BSOD; the only thing you can do is block port 445. And I did a test on Windows 7 in my domain with the BSOD DC ;-( and no BSOD, my Windows 7 is secure!!
On the left Windows 7 <> right Windows 2008 R2 RC build 7100
After replacing the srv2.sys file and a reboot I did the test again and no more BSOD.
But where did I find this new srv2.sys file? <> Yes, in Windows 7.
Story confirmed: partly true. But it can be fixed; when, I do not know. But remember, changing this file is not supported
and you need to bypass the NT SERVICE\TrustedInstaller security rights.
You must remember that turning your firewall on does not always help you; ports 445, 138, 139 are open. You could make a block rule for 445,
but maybe you need 445 😉
No, I’m not gonna help you to test this or tell you where to find the tools to do this.
For troubleshooting you can use several tools. This time I used the Microsoft Network Monitor 3.3 tool for network sniffing.
No, not Wireshark. First I had to update, as I used an old version, so after I installed 3.3 I’m ready to go. But after a “binging” I found extra updates and tools for MNM 3.3. Below is info I grabbed to get you started. Source info: Network Monitoring Team
Updated Parsers:
As you probably already know, we release new parsers on CodePlex every month. In these updates we’ve included updates for Windows 7 protocols. We also have support for Remote Windows Sockets (RWS) which is used to proxy TCP and UDP traffic from Winsock applications. Check out this blog for more information.
We post all the source code for the parsers, and you are free to look at the code, file bugs, request we take your parser code etc. This is a fully open-source parser project!
New Experts:
TCP Analyzer – TCP Analyzer lets you view TCP traffic visually and determine performance issues. This blog has more information.
Top Users – Top Users is an expert that lets you view the heaviest talkers on your network. This allows you to get a high level view and narrow down on machines that could be expectedly consuming network bandwidth.
If you would like to create your own expert feel free to contact us for information. http://nmexperts.codeplex.com has more details on how to submit a project for consideration.
New Public Forums:
The forums on Connect are normally for supporting our betas, though we’ll answer any question you have. However we now have public forums here, which are geared towards supporting the currently released version. Please post your Network Monitor 3.3 questions there so all users can learn from each other and feel free to answer questions as well to help others out.
Hopefully this quick note will help you keep in touch with everything that is going on with Microsoft Protocols and Network Monitor 3.
Enjoy,
Network Monitor Team
Below are the few steps to use a cluster as file server or as print server. These are just the basics.
Start the wizard, choose the file server option and add an IP to the NetBIOS name.
Select the disk that you want to use for file sharing.
Now I make a share in this cluster: select the disk and, if you want to change the permissions, do this here. Because I had the quorum disk on this disk, the cluster folder is on the data disk.
This I like a lot: below is the enable access-based enumeration option. I made a post on how to do this in Windows 2003.
Clustering Access-based Enumeration (ABE) – Windows Live
And now it is just a setting.
You can create a DFS link if you want. I will do this in a next session.
As you can see it is much "next, next, I agree"; just the basics are easy to do. The next blog items are all about R2 RC.
I have almost everything clustered, so get some hardware and use R2!