Full Disclosure mailing list archives
Re: Cox is blocking port 135 - off topic
From: "harq deman" <harqman () btopenworld com>
Date: Sun, 10 Aug 2003 22:51:37 +0100
With the DCom vulnerability affecting: - Every fresh install of most windows operating systems, - Every system where the user is too dumb to click the obvious update button, - Every system registered with a pirate key that has had its access to windows update suspended, it is IMHO only a short period of time before a successful worm takes effect. At that point, it is highly probably that MS networking will be shunned by most responsible ISPs for their customers protection. May I draw your attention to http://www.cs.berkeley.edu/~nweaver/warhol.html It is highly likely that, in the future, any fresh installs of Windows NT4 / XP / 2000 / 2003 will be `owned' by a dcom worm in less time than it takes to download the patch. <JOKE> Microsoft should change the ports used by their operating systems during patching operation </JOKE> Perhaps Cox is ahead of the crowd...? maybe I'm talking shit.. I don't know, I'm high peace harq ----- Original Message ----- From: <pdt () jackhammer org> To: "Kurt Seifried" <listuser () seifried org> Cc: <joey2cool () yahoo com>; <full-disclosure () lists netsys com> Sent: Sunday, August 10, 2003 11:55 PM Subject: Re: [Full-disclosure] Cox is blocking port 135 - off topic
If they do it like Comcast has it implemented even clients on the same cable router can't speak on the "windows" ports to each other. Last I checked they were blocking 137-139 and have been for some time.Off topic: This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP
on
445 as well (reduced overhead then 135/etc, no NetBIOS layer). When a client tries to connect to a remote host for file/print sharing/etc it connects on both ports 135 and 445, if a response is recieved from port 445 it drops the connection to 135. THe attack works quite well against client systems using port 445. If Cox blocks both ports 135 and 445 that will be
semi-effective
(except of course for internal users who spread a worm/etc, such as laptops that move around). THis may block a few of the more stupid attacks but
not
for long. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Cox is blocking port 135 Joey (Aug 10)
- Cox is blocking port 135 - off topic Kurt Seifried (Aug 10)
- Re: Cox is blocking port 135 - off topic martin f krafft (Aug 10)
- Re: Cox is blocking port 135 - off topic pdt (Aug 10)
- Re: Cox is blocking port 135 - off topic harq deman (Aug 10)
- Re: Cox is blocking port 135 - off topic bugtracker505 (Aug 10)
- Re: Cox is blocking port 135 - off topic Joey (Aug 10)
- Re: Cox is blocking port 135 - off topic Nick FitzGerald (Aug 10)
- Re: Cox is blocking port 135 - off topic Anthony Clark (Aug 10)
- Re: Cox is blocking port 135 - off topic Joey (Aug 10)
- RE: Cox is blocking port 135 - off topic Rick Kingslan (Aug 10)
- Message not available
- Re: Cox is blocking port 135 - off topic Anthony Clark (Aug 10)
- Cox is blocking port 135 - off topic Kurt Seifried (Aug 10)