Re: DCOM RPC exploit (dcom.c)

[Neeko Oni <neeko () haackey com>]

Note: I'm pretty sure this'll spawn a lot of vicious hatemail and/or a 
subthread or two about how *horrible* I am for posting Chris's mail to me.
Honestly, I don't care.  It'll be nice to see how many people reading this
list are "PaymeforCSandPorn" admins.  I think our writing is far more
readable (and less insulting to the eyes) than that of morningwood/etc, and
if they can take the list in horrible, offtopic, flame-engulfed directions..
At least when I write "ware to omppile code plz!!!!!!" I'm *kidding.*

Read on, my children.  Laugh, as I have laughed.  If you take this too
seriously, go read some Hopkins.  That dapple-dawn-drawn falcon always
makes me feel better.

Everything quoted with ">" is Mr. GenericWinAdmin.
(Chris)

.Neek

> I'm taking this off the list, since you're obviously after a flame-war.  I'm not
> about to start one on the list.

I wasn't after a flame-war, you were flamebait.

> If the worm goes after SP3, it'll get 70-80% of the Windows hosts on the net,
> while the others just fall over.  Plenty enough to propagate, and a nice way to
> kill the remainder.

99% of statistics are made up.  100% of the bullshit you cite is bullshit. 
Next?
(Oh, and why aren't those 70-80% patched at SP4 with RPC firewalled?)

> What's the weather like on your planet?  What about the compiled binaries that
> people are now hosting?

I thought I'd kill two birds with one stone and point out how ignorant/lazy/etc
you were being _and_ take a shot at the people asking the same questions you
were probably asking in #l33th4ck@UB3RN3T a few weeks ago.
(were do i downlod gcc !!! i have winxp)

> You've obviously never administered a network with 10,000 servers.

Typical.  "Waahh, I can't be expected to firewall, patch, or otherwise protect
my machines!  When will I have time to play Counter-Strike and leech porn?"
You aren't /actually/ paid to play CS and download pornography, sir.  That's
why you have to take classes in buzzwordology, remember?

> How about blaming people who give guns away for free?

What would you do for a profession if it weren't for people giving away 'guns'
for free?  Dear Mr. Pentester, you're staring the gifthorse in the mouth and
asking for trouble.

> Actually, NAT is the correct word.  Network Address Translation covers a range
> of IP-layer translation technologies - check your facts.

You should be more specific in the future; this is, infact, a technical forum.
It's not just the place where you can collect warez, charge Joe Corp to run it,
and whine that other people can do the same thing.

> As for looking like I'm exploiting these sites - have you sat on a raw internet
> pipe and looked at the amount of TCP/135 traffic flying around at the moment?
> You really think any more is gonna be noticed?

A raw.. internet pipe.. Someone flipped over his buzzword of the day calender!
PHB, is that you?  I think it's nice that you've backed off and you're trying
to justify your suggested attack on those servers.
(ObGodwin: I bet you're the kind if *Nazi* that burns books you don't agree
with, too.  Information is for you, and you alone!)

> The point?  There is none.  That's why I was thinking of doing it instead of
> actually doing it.

You essentially threatened those websites.  Have I told you to grow up yet?
I'm telling you now.  Grow up.
Nobody is to blame when your machines get compromised by your clubie brethren
*except you* -- astounding.

> Mental giant?  Probably not.  Smart enough to write my own exploit code for
> this?  Yes.  Smart enough to work for NGS Software, pen-testing some of the
> worlds largest companies?  Definitely.  Don't believe me?  Phone up any of the
> top guys at Oracle and ask them about me - they all know me by name, and will
> vouch for my intelligence and skill.  You, on the other hand, are a nobody.

I'm Neek.  Nice meeting you.  I'd never heard of you before your inane,
ignorant post on this list; great way to meet someone, eh?  Sir, you don't
matter.  I hate to burst your bubble, but I came home to a nice load of
messages saying I did the right thing, smacking you in the head.
"I'm Nobody! Who are you?/Are you - Nobody - Too?/Then there's a pair of us!"

> Sure.  Despite the fact that I was penetration testing for a living long before
> Slammer hit.  And if you think it's dumb to still be patching when Slammer hit,
> I say again - you've never administered a network of 10,000 servers.  Even MS
> got hit - patching servers was evidently not as easy as you made out.

What are you paid to do?  Oh, that's right.  Counter-Strike and porn.
Welcome to the real world.  Perhaps Microsoft got hit by Slammer, but remember:
They're the same knuckleheads that wrote the software being exploited.
How long did you girls have to patch before Slammer came around?  Do you
play *that much* CS?  Do you view *that much* pornography?  Get on the 
fucking ball and stop ruining things for the rest of us.  

> Next time you want to start an argument to try and make yourself look smart,
> make sure you know what you're talking about first.

Next time you post a whiney message to a mailing list.. make sure 
you're justified.  Or keep it simple: "I DON'T WANT TO PROTECT MY MACHINES!
STOP RELEASING CODE!  I PREFER TO BURY MY HEAD IN THE SAND AND PRETEND ITS
NOT EXPLOITABLE!"
Many long discussions with people far less.. well, you're /that/ type of
"security" guy.  Then there's the other, productive type.  After long 
discussions with the /productive/ type, it's pretty easy to say that you
guys would never patch (until compromised) without having an exploit thrown
in your face.  It's the sad, sad truth.

> Chris

More notes:
* Refer to the "A question for the list..." thread (back in May?) before
crying about forwarding a "private" conversation between two people.
* Notice that I didn't say anything regarding whether our friend Chris
actually has the credentials he brags about: The horrible truth is, he 
very well may.  These guys get paid an awful lot to play CS/view porn/echo
buzzwords, and they make good impressions on (clueless) managers.  He could
very well be some kind of PHB security messiah.  Another hint as to why
Slammer was such a 'success' as far as propagation.  This leads us to...
* Neekie's Law: Those who can, do.  Those who can't, get promoted.


If you've read this far, I think you'll read anything.  Read this.

[Bratty Little Bacon Boy]
Bratty little bacon boy-
Oh, what a bratty little bacon boy, he was.
Bratty little bacon boy ate bacon, nothing more;
Nothing more, nothing less... bacon, he said,
Was the very best!
Bacon in the morning, bacon in the noon,
Bacon on a moonlit night, bacon in the bedroom.
That was, of course, until the faithful day,
When bratty little bacon boy... turned to bacon-
And tragicly, sadly, sizzled away.
Yum.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html