Peeping Through Port 139
I couldn't believe it. There, before me on my computer screen, was a directory filled with family photos, labeled by name. I could have looked at pictures of these folks if I'd cared to. It wasn't my family, though, and these photos weren't on my computer. I had no idea whose computer they were on, but I guessed it was someone in my apartment building, and that they hadn't a clue I was spying on them.
Many of us here in my building get Internet access through cable modems. Few know of the security risks. Now that high-speed access to the Internet can be had through cable and digital subscriber lines (DSL), security holes are easier to exploit. They're easy to fix too, but few are, probably because few people know about the breaches in the first place. Certainly, the cable guy who hooked me up never told me that Windows, in effect, offers an Internet party line to my hard drive. I'm guessing that at least three of my neighbors weren't informed either.
How easy is it to tap into a neighbor's computer if it isn't secured properly? Insanely easy, I learned after a recent night of experimenting. It doesn't take any networking savvy -- just the right program and some anti-social attitude.
One such program is called SMBScanner. It took me about 10 minutes to find on the Internet. Like a police scanner monitoring many frequencies, this software rolls through Internet-protocol (IP) numbers (Internet addresses of nine digits separated by periods, the online equivalent to phone numbers), checking for open ports on computers. Now, a cable company like the one I use usually reserves blocks of successive IP numbers for customer use. So I figured my neighbors would have numbers nearly identical to mine, probably varying only in the last two digits. SMBScanner paid a visit to each of these addresses, checking to see if port 139 -- the connection point computers often use to network with one another -- was open. Within minutes, it found three.
From there, it was just a matter of employing the operating system's user-friendly ability to "map" another computer's hard drive to its own file system. This was a snap, given that two of the three computers had no password protection whatsoever. One poor user actually had a printer online. I pondered printing him or her a page reading YOU'VE BEEN HACKED! But what good would such a missive be if I couldn't enjoy the other person's surprise upon receiving it? Anyway, it was probably best to remain in stealth mode for this fact-finding mission. So I mapped someone else's C drive instead, giving me access to its contents. And that's when I found the directory named "Family Photos."
That's also when I chickened out. I couldn't nerve myself up to actually look at any of the snapshots. I felt guilty enough already for having snooped this far. So I disconnected. My point was made. I didn't actually want to peer into somebody else's computer; I just wanted to see if I could do it.
Anyone who has a high-speed Internet connection (and wants to avoid having done to them what I nearly did to my neighbors) should take the ShieldsUp security test offered by the Gibson Research Corp. (GRC, grc.com), run by computer guru Steve Gibson. It's where I learned about these vulnerabilities. GRC's Web site tests your computer to see what ports it can wiggle into. It's an eye-opener.
How does this happen? It's a weird amalgamation of factors, a snafu that only surfaces when home networking, dedicated Internet lines, and people's steadfast refusal to use passwords are combined.
Start with someone tying two computers together. According to GRC, when "Microsoft's networking client is installed, a default setting which would have protected many millions of computers if it were normally set to 'off' is instead set to 'on.'" Upshot? A home network is left open to the entire Internet. What is odd about this is that it is totally unnecessary. This option was set to "on" only to save Microsoft in customer-service calls, the Gibson site contends.
Until recently, the pitfalls of home networking were limited, as most networked Netters went online with dial-up connections, which were assigned IPs more randomly. They remained online for limited periods of time and so were harder to pinpoint. But as more people set up networks and use connections that are always "on," it is starting to make for a lot of sitting ducks.
And there are a lot of clandestine hunters out there. Here are computers that remain online for long stretches of time, with easily discoverable IP numbers. What better place than on somebody else's computer to spend some time nosing around, looking for free software or just some neighborly dish?
I asked a system administrator who, up until fairly recently, used to work for an Internet service provider, about port scans. How much did he use to see, I wondered. "The amount was staggering," he responded by e-mail -- about once a minute, some unknown computer cracker would test the lines, looking for an in. The friend's employer blocked that sort of traffic from reaching its customers, at least that from folks with other ISPs. It didn't stop this company's customers from snooping on each other, though, as I'd snooped on my neighbors.
GRC provides an easy explanation of how to secure port 139. All it involves is a few points and clicks. The biggest challenge is letting people know.
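As an added example (not part of the original article and not GRC's procedure), here is a self-check that reads `netstat -an` output from your own machine and reports which local addresses port 139 is listening on and how far each can be reached. The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an` output.
# 203.0.113.25 is a documentation address standing in for a cable-modem IP.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.168.0.2:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.25:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.25:1045      198.51.100.7:80        ESTABLISHED
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def listeners(netstat_text, port=139):
    """Return the local addresses with a TCP socket LISTENING on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.append(ipaddress.ip_address(host.strip("[]")))
    return found


def exposure(addr):
    """Classify how far a listening address can be reached from."""
    if addr.is_loopback:
        return "loopback"          # this machine only
    if addr.is_unspecified:
        return "all-interfaces"    # every adapter, including the cable/DSL one
    if any(addr in net for net in RFC1918):
        return "lan"               # private home-network address
    return "public"                # directly addressable from the Internet


def audit(netstat_text, port=139):
    """Return (findings, at_risk) for one netstat capture."""
    findings = sorted({(str(a), exposure(a)) for a in listeners(netstat_text, port)})
    at_risk = any(kind in ("all-interfaces", "public") for _, kind in findings)
    return findings, at_risk


if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT))
```

A result with `at_risk` set to true means file sharing is bound to the Internet-facing adapter, which is the condition the ShieldsUp test reports from the outside.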