RE: DCOM Exploit MS03-026 attack vectors

["Bryan K. Watson" <bwatson () nettracers com>]

> Because 9 times out of 10 port 135 is blocked by some sort of firewall,
> whilst port 80 is not blocked on a web server.

Not telecommuters on dial-up IP's and Blue-Toothed into the net thru 
their Ericsson phones, and surfing from the airport and WIFI cafes of the 
world.   Most Sysadmins are still oblivious to the need for 
desktop/personal firewalls like Zone Alarm and McAfee.  Dial 
up IP address pools are THE attack vector to watch out for, since a crack 
there will crack the private networks of the world, either thru VPN, or 
when the user walks back into the office and plugs in the wormed system.

Spend hundreds of thousands on firewalling, millions in man hours on 
security, then let unprotected laptops in and out of your network, and 
allow uncontrolled home computers to VPN....what a waste.

You don't need high bandwidth for the initial spread....just a good 
vector.   People need to think about this threat differently...I'm sure 
that the crackers and espionage folks already have.

-Bryan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html