Full Disclosure mailing list archives
Re: Cox is blocking port 135 - off topic
From: Joey <joey2cool () yahoo com>
Date: Mon, 11 Aug 2003 11:31:13 -0700 (PDT)
Microsoft says - "To exploit this vulnerability, the attacker must be able to send a specially crafted request to port 135, port 139, port 445, or any other specifically configured RPC port on the remote computer. For intranet environments, these ports are typically accessible, but for Internet-connected computers, these ports are typically blocked by a firewall."

But since those are different services (SMB, DCOM, NetBIOS), wouldn't you need to send an entirely different packet? It sounds impossible to use the same exploit on multiple protocols.

Port 80 is not an attack vector - "RPC over UDP or TCP is not intended to be used in hostile environments, such as the Internet. More robust protocols, such as RPC over HTTP, are provided for hostile environments." http://support.microsoft.com/?kbid=823980

Microsoft is saying RPC over UDP or TCP shouldn't be used on the internet and you need a firewall to block the ports anyway. I guess they aren't keeping their new promise for security seriously.

--- roman.kunz () juliusbaer com wrote:
hi list, i tried all different DCOM RPC sploits i could find (from the very beginning till the newest versions). i couldn't find any successfully working on other ports than 135.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html