Dailydave mailing list archives

MSRPC fragmentation note from Matt + Exception fun


From: Dave Aitel <dave () immunitysec com>
Date: Thu, 15 Sep 2005 16:35:24 -0400

Regarding the nfr paper...which has since been updated, I hear.

   There's also a minor technical inaccuracy there that needs to be
   fixed; MSRPC Fragmentation *does* occur naturally on large
   client-side requests, such as Printer queueing over named pipes.  So
   just alerting basic fragmentation ensures a bevy of falsies.  After
   publishing we were lucky enough to get a look at one of our larger
   customer's NASTY windows-centric networks and I observed it all over
   the place.

   Matt


As Window said at CANSEC regarding Microsoft's exception collection tool: "We get a fix a lot of security bugs through collecting exception information..."

http://www.exceptioncollection.com/


     How this Service Works:

   * *You use the "New Developer Registration" form above to request a
     developer login from us.*
   * *We instantly email you a developer login, a
     password, and instructions for integrating
     ExceptionCollection with your programs.*
   * *You compile your programs and distribute them to your users.* The
     amount of code that you need to add for integration with
     ExceptionCollection is very, very small (usually 3 or 4 lines).
   * *When an Internet-connected user experiences an exception, details
     of that exception are programmatically reported to, and stored
     on, ExceptionCollection.*
   * *You can browse to exceptioncollection.com from any web browser in
     the world, log in, and view details of any exceptions generated by
     any of your programs or websites.*
   * Your programs can be written in C#/VB.NET, Java, VB6, Delphi, C++,
     or any other SOAP-enabled language. (Yes, VB6 is SOAP-enabled
     <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnhcvb04/html/vb04g9.asp>
     with the SOAP toolkit.) For .NET, we provide a compiled component
     (DLL file)
     <http://www.exceptioncollection.com/SherpaExceptions.zip> so that
     you don't even have to mess with SOAP and web services.
     ExceptionCollection integrates with all kinds of applications,
     web-based as well as OS-specific (Windows, Unix, etc.).
   * ExceptionCollection records valuable information about every
     exception, including the file and line number generating the
     exception. A "Custom Info" field allows you to store data unique
     to your product, such as the version number of libraries on which
     your product depends.


-dave

