Firewall Wizards mailing list archives

RE: Vulnerability Response (was: BGP TCP RST Attacks)


From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 1 Jun 2004 08:45:54 -0400 (EDT)

On Fri, 28 May 2004, Ben Nagy wrote:

> Take a look at the recent security record of MS RPC endpoints. You can't
> turn them off. You can't secure them. Windows will break.

Funnily enough, I booted WinXP Pro on my laptop[0] last week to put some
shellcode through a disassembler.  There was no danger from any RPC-based
malcode.

> How _ELSE_ do you want to deal with that problem? Let me put it a different

Strategically, I want to deal with it the right way- either removing the
dependence on RPC (hey, all my Linux systems don't need network-based RPC
anymore) or by getting the developers to give me better separation- MS is
actually starting to do that with
whatever-the-heck-the-next-bug-cluster-is-called.

> You can only harden up until the OS will let you. If the core service has an

Not true- you can firewall things that the OS won't let you do.

> exploitable bug then only a patch will fix it. Other solutions (like my

If it can't be attacked, then arguably, it doesn't need to be fixed.

> Even assuming that you could have pre-hardened a box (it is true that
> hardening _might_ have let you dodge Blaster and Sasser, but wait until the
> multiple vectored worms really start hitting us) then most people just won't
> do it. In any case, having a huge freaking gaping security hole in a core
> service is not something I feel comfortable about, same as running a
> thousand Win95 boxes "behind a firewall" sends shivers down my spine.

Yet lots of people do it every day and don't have many problems....

Paul
[0] G4 Powerbook, running XP in VirtualPC with the hosting OS providing
firewalling.  I find Bochs interesting strategically because you actually
could do kernel level firewalling.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards