Full Disclosure mailing list archives
Re: MSDE contained in...
From: Paul Schmehl <pauls () utdallas edu>
Date: 28 Jan 2003 17:51:14 -0600
On Tue, 2003-01-28 at 11:41, nutcase26 wrote:
Paul et al, Forgive my ignorance, but are you telling me that when an FTP, HTTP, Telnet client initiates a request to a remote server that my client doesn't interface with eth0?
Of course it does. But it doesn't *listen* on those ports. It queries the server, which then responds on the same port. Your browser, for example, isn't going to simply start popping up web pages because someone sent packets on port 80. Your browser has to make the request, and then it will only accept the answer from the address that it queried (excluding monkey business on the part of a MITM attack.)
You mention in general but then very boldly state below " It's only if the app is being used **as a server** Which is it, is it general or only ?
I wouldn't say that *no* MSDE app is ever listening on port 1434/UDP because I don't *know* that for a fact. But *many* MSDE apps will not be because they don't act as servers **on the network interface**. The only act as servers to localhost. *If* an MSDE is acting as a server for *other* computers, then yes, it would have that port open.
When I use Visio to PUBLISH my architectural design to my web server am I not infact opening the MSDE and port * ?
No, because you are publishing to a server. The *server* may have port 1433/TCP open and *may* have port 1434/UDP open, but you computer will not. (It's much more likely the server has port 21 open, and your "publishing" ftps the files to the web server.)
Doesn't mickeysoft want us to let them determine when updates are required?
They'd like you to determine what shorts to wear.
Paul, are you a user of Microsoft products?
Do you know anyone in an enterprise setting that isn't? Of course I am. I'm running RedHat beta and using Evolution as my email app, but I get my mail from an Exchange server (among others), so I *have* to use MS apps, whether I want to or not.
I'm not sure how that makes a difference, but.... -- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSDE contained in... Tina Bird (Jan 27)
- Re: MSDE contained in... Paul Schmehl (Jan 28)
- Re: MSDE contained in... nutcase26 (Jan 28)
- Re: MSDE contained in... Paul Schmehl (Jan 28)
- Re: MSDE contained in... nutcase26 (Jan 28)
- Re: MSDE contained in... Paul Schmehl (Jan 28)