Full Disclosure mailing list archives
Re: It's not that simple... [Was: Re: Disney Down?]
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 19 Aug 2005 11:00:32 +1200
fd () ew nsci us to Ron DuFresne:
Perhaps it does realte considering the above and considering that the unix world learned many of the evils of RCP services over ten years ago that seem to hit the M$ realm every few months, repeatedly...We used to call them rsploits when it was common in unix. Friends and I had a good chuckle when MS started repeating history, having rsploits of its own. I would love to deny all port 445 with layer-3 switches but this would be like blocking portmap and expecting NFS to still mount. What have we learned from the past that we can apply to our MS networks, since they have become a (un)necessary evil? How neutered does an MS workstation become if the RPC port is completely blocked from the outside? Perhaps "mostly harmless" ? What would it take to write an RPC filter to only accept RPCs which we actually care about? In addition, why is PnP even an RPC accessible from the outside (no, upnp is not a good reason)!? Most importantly, we need to eliminate the entire RPC attack vector in the future for Microsoft systems -- this is not the first MS rsploit and we will certainly see more.
Why don't folk -- well, sys-admins anyway -- actually take the time to bother to learn what their systems do and how they work??? OK, MS does not make this astoundingly easy in many cases, but there are some very good (amongst some very, very poor) "hardening guides" out there written by folk who do know what they are talking about AND that explain why you should use, or at least might consider, each option, and why some options are only suitable in certain scenarioes. Of course, when it comes to OSes like XP Home, the security stance has always been "everything that has worked before must keep working" so, rather than learning from their long history of mistakes and fixing things, MS compounded those mistakes by rolling them all together in a nice shiny new box with an even bigger marketing budget... SP2 shows that, in fact, after too many, too embarrassing, too big to hide from the media virus and worm outbreaks due largely to the fact that it had been taking this entirely irresponsible approach to security (especially for those of its customers who needed the most help with such things), even the 800lb Gorilla known as Microsoft _can_ change. We won't debate how much and whether it's enough, though I doubt few here would disagree that "there's a fair way to go yet" pretty much covers it... Instead of making an everything on, working out of the box, approach even MS may be working its way to the "only enable it if it's needed for basic functionality" approach. Of course, when MS gets to that position, there will then be hell to pay when the installation scripts for most third-party apps, drivers, etc start undoing all MS' good work and do the "set everything on because we know our cr*ppy product works if it is set that way". Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- It's not that simple... [Was: Re: Disney Down?] Fergie (Paul Ferguson) (Aug 17)
- Re: It's not that simple... [Was: Re: Disney Down?] Micheal Espinola Jr (Aug 17)
- RE: It's not that simple... [Was: Re: Disney Down?] Geo. (Aug 17)
- Re: It's not that simple... [Was: Re: Disney Down?] Micheal Espinola Jr (Aug 17)
- Re: It's not that simple... [Was: Re: Disney Down?] Ron DuFresne (Aug 17)
- Re: It's not that simple... [Was: Re: Disney Down?] fd (Aug 18)
- Re: It's not that simple... [Was: Re: Disney Down?] Nick FitzGerald (Aug 18)
- Re: It's not that simple... [Was: Re: Disney Down?] Ron DuFresne (Aug 22)
- Re: It's not that simple... [Was: Re: Disney Down?] James Tucker (Aug 19)
- Re: It's not that simple... [Was: Re: Disney Down?] Barrie Dempster (Aug 19)
- RE: It's not that simple... [Was: Re: Disney Down?] Geo. (Aug 17)
- Re: It's not that simple... [Was: Re: Disney Down?] Micheal Espinola Jr (Aug 17)
- Re: Re: It's not that simple... Jason Coombs (Aug 17)
- Re: Re: It's not that simple... Kurt Seifried (Aug 17)
- Re: Re: It's not that simple... Micheal Espinola Jr (Aug 17)
- Re: Re: It's not that simple... Jason Coombs (Aug 17)
- Re: Re: It's not that simple... yossarian (Aug 17)