Full Disclosure mailing list archives

Re: MSDE contained in...


From: Paul Schmehl <pauls () utdallas edu>
Date: 28 Jan 2003 17:51:14 -0600

On Tue, 2003-01-28 at 11:41, nutcase26 wrote:
> Paul et al,
>
> Forgive my ignorance, but are you telling me that when an FTP, HTTP, Telnet
> client initiates a request to a remote server that my client doesn't
> interface with eth0?

Of course it does.  But it doesn't *listen* on those ports.  It queries
the server, which then responds on the same port.  Your browser, for
example, isn't going to simply start popping up web pages because
someone sent packets on port 80.  Your browser has to make the request,
and then it will only accept the answer from the address that it queried
(excluding monkey business on the part of a MITM attack.)

> You mention in general but then very boldly state below "It's only if the
> app is being used **as a server**"
>
> Which is it, is it general or only?

I wouldn't say that *no* MSDE app is ever listening on port 1434/UDP
because I don't *know* that for a fact.  But *many* MSDE apps will not
be because they don't act as servers **on the network interface**.  They
only act as servers to localhost.

*If* an MSDE is acting as a server for *other* computers, then yes, it
would have that port open.

> When I use Visio to PUBLISH my architectural design to my web server am I
> not in fact opening the MSDE and port * ?

No, because you are publishing to a server.  The *server* may have port
1433/TCP open and *may* have port 1434/UDP open, but your computer will
not.  (It's much more likely the server has port 21 open, and your
"publishing" ftps the files to the web server.)

> Doesn't mickeysoft want us to let them determine when updates are required?

They'd like you to determine what shorts to wear.

> Paul, are you a user of Microsoft products?

Do you know anyone in an enterprise setting that isn't?  Of course I
am.  I'm running RedHat beta and using Evolution as my email app, but I
get my mail from an Exchange server (among others), so I *have* to use
MS apps, whether I want to or not.

I'm not sure how that makes a difference, but....

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
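
The distinction drawn in the message above (an outbound client connection versus a socket that listens, and a listener bound only to localhost versus one bound to a network interface) can be checked on a host from `netstat -an` output. The following is an added example, not part of the original post: the function names are hypothetical, the sample output is constructed, and it assumes the Windows `netstat -an` column layout.

```python
import ipaddress

# Ports named in the thread: SQL Server/MSDE 1433/TCP and 1434/UDP.
WATCHED = {("TCP", 1433), ("UDP", 1434)}

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3012      10.0.0.5:1433          ESTABLISHED
  TCP    192.168.1.20:3020      10.0.0.9:80            ESTABLISHED
  UDP    0.0.0.0:1434           *:*
  UDP    127.0.0.1:1900         *:*
"""

def parse_listeners(netstat_text):
    """Yield (proto, ip, port) for sockets that accept unsolicited traffic."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        # TCP only accepts new connections in LISTENING; a bound UDP socket has no state.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        yield proto, ipaddress.ip_address(host.strip("[]")), int(port)

def classify(netstat_text, watched=WATCHED):
    """Map each watched (proto, port) to 'network', 'localhost-only' or 'closed'."""
    result = {key: "closed" for key in watched}
    for proto, ip, port in parse_listeners(netstat_text):
        key = (proto, port)
        if key not in watched:
            continue
        if not ip.is_loopback:
            result[key] = "network"      # wildcard or a real interface address
        elif result[key] == "closed":
            result[key] = "localhost-only"
    return result

if __name__ == "__main__":
    for (proto, port), state in sorted(classify(SAMPLE).items()):
        print(f"{port}/{proto}: {state}")
```

In the sample, the ESTABLISHED connection to a remote 1433/TCP is a client connection and is ignored; only the local listeners are classified.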

