Full Disclosure mailing list archives

RE: Cox is blocking port 135 - off topic

From: "Rick Kingslan" <rkingsla () cox net>
Date: Sun, 10 Aug 2003 21:56:35 -0500

You might want to drop Todd Sabin a note at Razor Bindview and ask him.
He's the one that apparently exposed the potential for other ports (137,
445, 539).  My expeirences with Todd over the years is that he rarely
discloses a potential for vulnerabilty unless there is a reason.  And, he
rarely plays games.

But, then - everyone gets bored now and again....

-rtk 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Joey
Sent: Sunday, August 10, 2003 9:02 PM
To: Anthony Clark; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Cox is blocking port 135 - off topic

I don't think DCOM is used on any other port besides 135. When i disabled
dcom using dcomcnfg.exe, the only port that stopped listening was 135.

and for the specifics for how the buffer overflow
works(http://www.lsd-pl.net/special.html) - "In a result of implementation
error in a function responsible for instantiation of DCOM objects, remote
attackers can obtain remote access to vulnerable systems."

People claim that the same buffer overflow works on the SMB port(445) which
is an entirely different service, but can they prove it?

--- Anthony Clark <volkam () comcast net> wrote:

Right..

/* Windows 2003 <= remote RPC DCOM exploit
 * Coded by .:[oc192.us]:. Security
 * Modified by rogers@efnet
 *
 * Features:
 *
 * -d destination host to attack.
 *
 * -p for port selection as exploit works on ports other than
135(139,445,539 etc)


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Cox is blocking port 135 Joey (Aug 10)
- Cox is blocking port 135 - off topic Kurt Seifried (Aug 10)
  - Re: Cox is blocking port 135 - off topic martin f krafft (Aug 10)
  - Re: Cox is blocking port 135 - off topic pdt (Aug 10)
    - Re: Cox is blocking port 135 - off topic harq deman (Aug 10)
    - Re: Cox is blocking port 135 - off topic bugtracker505 (Aug 10)
  - Re: Cox is blocking port 135 - off topic Joey (Aug 10)
    - Re: Cox is blocking port 135 - off topic Nick FitzGerald (Aug 10)
    - Re: Cox is blocking port 135 - off topic Anthony Clark (Aug 10)
    - Re: Cox is blocking port 135 - off topic Joey (Aug 10)
    - RE: Cox is blocking port 135 - off topic Rick Kingslan (Aug 10)
    - Message not available
    - Re: Cox is blocking port 135 - off topic Anthony Clark (Aug 10)