Re: DCOM RPC exploit (dcom.c)

[Blue Boar <BlueBoar () thievco com>]

security snot wrote:

> I don't understand how having any of the
> poorly written public exploits for this vulnerability will help in the
> securing process in any way.  Unless you mean that the threat of a worm is
> more realistic because now hackers, along with security professionals,
> both have access to some form of exploits they can use to create a worm
> with, and this threat is enough to convince Asian nations to update all
> their machines.
>
> Other than that, could you please explain how the distribution of such
> materials actually will "help prepare", as you say, for the upcoming worm?

Troll though this may be, I'll go ahead an answer for the benefit of anyone 
else who might have been curious about the same thing.

There's a decent chance the work will be based on an existing exploit.  If 
one has made any effort (IDS rules, etc) to detect the exploit, then they 
will be prepared for the worm as well.

What kinds of evidence does the exploit leave behind?  If one can try the 
exploit(s), then they can determine what an exploited machine looks like.

                                                BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html