Full Disclosure mailing list archives
Re: RE: DCOM RPC exploit
From: Valdis.Kletnieks () vt edu
Date: Sun, 27 Jul 2003 03:22:25 -0400
On Sat, 26 Jul 2003 23:49:05 PDT, "Steve W. Manzuik" said:
A worm exploiting this might happen, but is it really that big of a deal?
Compare the number of boxes that have the bug Slapper exploited with the number of boxes that have DCOM open to the world.... When I hear that a worm's finally been spotted, I'm yanking my laptop off the net and going home - and it's a Linux box. I'm just expecting to not get any useful connectivity for a while. And of course, anybody who's got half a clue and writes a worm is going to have it drop off a trojan/backdoor... And then those boxes get used as spam relays, front-end boxes for porn websites, keyboard sniffers, etc etc. Gonna take a LONG time to clean that mess up. Hell, we're *still* seeing Code Red traffic. And what we've *NOT* seen in the last 2 years is a CERT advisory of this magnitude against a Microsoft product that didn't spawn a "Holy Shit" scale worm. Unfortunately, we've gotten so lulled by the "Just another damned worm" scenario that maybe it's NOT a big deal anymore. And that's just as scary as the actual worm.
Attachment:
_bin
Description:
Current thread:
- RE: DCOM RPC exploit Steve W. Manzuik (Jul 26)
- Re: RE: DCOM RPC exploit Valdis . Kletnieks (Jul 27)
- Re: RE: DCOM RPC exploit Ron DuFresne (Jul 27)
- RE: RE: DCOM RPC exploit Steve W. Manzuik (Jul 27)
- RE: RE: DCOM RPC exploit Paul Schmehl (Jul 27)
- RE: RE: DCOM RPC exploit Steve W. Manzuik (Jul 27)
- RE: RE: DCOM RPC exploit Nick FitzGerald (Jul 27)
- Re: RE: DCOM RPC exploit Valdis . Kletnieks (Jul 27)