Firewall Wizards mailing list archives
Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Fri, 1 Aug 2003 12:15:32 -0700
----- Original Message ----- From: "Jeremiah Cornelius" <jeremiah () nur net> To: "Bryan K. Watson" <bwatson () nettracers com>; <full-disclosure () lists netsys com> Sent: Friday, August 01, 2003 12:02 PM Subject: Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
<snip>Because 9 times out of 10 port 135 is blocked by some sort of
firewall,
whilst port 80 is not blocked on a web server.Not telecommuters on dial-up IP's and Blue-Toothed into the net thru their Ericsson phones, and surfing from the airport and WIFI cafes of
the
world.</snip> Bluetooth phones as modems! I have been calling on this issue for some time, and generally received a dismissive response from System Administrators and IT management. No one wants the work load or responsibility this entails. I suppose that if you don't acknowledge the problem's existence, you can't be faulted for lack of due care! If they keep their heads in the sand long enough, somebody is going to find out what Ostrich meat tastes like... As this technology becomes more prevalent over the next 2 years or so, you can kiss your idea of perimeter goodbye. A better argument for 'defence
in
depth' and 'crunchy centers' could not be made. All hosts should be
handled
as if they were accessible from untrusted segments - they soon will be, if they are not already. This is just the technology we already have on hand. Remote, mobile, FAST communications technologies are springing up like weeds. Bluetooth
scanning
is inherently more problematic than looking for a rogue WiFi AP. The technology is mobile, VERY short range/low power, and has legitimate business use on multi-function devices. You can't expect to wrap your building in a Faraday cage - there is no way to gatekeep this. It will have to be a condition we adapt ourselves to deal with. Begin with
hardened
hosts. Even marketroid laptops. Ultimately, something like mutual host authentication/authorization is going to be needed everywhere on the inside - but it's obviously not a cure-all. If my laptop is a router for
my
phone, which is a router for kiddeez... Kiddee is authed to my server. It's gonna' be a fun ride, and the best is yet to come!
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors Jeremiah Cornelius (Aug 01)
- Re: Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors Paul Robertson (Aug 02)
- <Possible follow-ups>
- Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors R. DuFresne (Aug 03)