Enterprise Network Manager revelation-SMB 0-day Intranet penetration and defense

This smb 0-day vulnerability has been around for a long time. Since it is too busy to work, I have never been concerned about it. This vulnerability affects vista, windows 7, and windows 2008. EXP must be available now. Some people have tested the vulnerability to attack vista and windows 2008.
Let's talk about Intranet penetration first. In the process of penetration, the first problem to be faced is how to quickly locate windows 2008, windows 7, and vista. Here I provide two ideas:
1. Scan the windows SMB version. For example, if windows 7 is 6.1, you can search for the tool yourself. For the sake of harmony, the program name of the SMB version cannot be scanned.

2. If you cannot find the SMB scanner, you can try to scan the IIS version. This method is relatively simple and accurate, with 80 more scanners.
As a reminder, large-scale scanning can easily trigger alarms, especially during this special period, when security workers put on a long line to catch a big fish, they will be scanned. I believe that if you have a wealth of penetration experience, you can find out which machines on the network can be operated through non-scanning methods :)
As for the defense logic, it is very simple and complicated: port 135-139,445.
There are also many methods to seal these ports. The advantages and disadvantages are as follows:
1. Use the routing switch device to seal the device. The advantage is that you do not need to operate the terminal, and it is difficult for the end user to modify the policy. The disadvantage is that the blocks are too large to implement access control from the entire PC to the PC. In addition, if there are exceptional users, operations and audits are quite troublesome. If you can enforce this policy and have high security tolerance, this is the best choice.
2. Block it through the local firewall, such as SEP and MCAFEE. The advantage is that policies can be issued in a unified manner, with exceptional user control. The disadvantage is that the system may have to pay a performance cost for this.
3. Use activex to control ipsec Policy blocking. The advantage is unified distribution, flexible exceptions, detailed control points, strong control, and low impact on the system. The short point is that the user may close the IPSEC service, but this short point can be avoided: automatically enable the ipsec service upon initial installation, and regularly call activex check and enable the ipsec service through external scans or the OA system. Of course, if you have a domain, it can also be implemented through the domain.