Full Disclosure mailing list archives
Re: DCOM RPC exploit (dcom.c)
From: Paul Schmehl <pauls () utdallas edu>
Date: 27 Jul 2003 18:06:43 -0500
On Sun, 2003-07-27 at 16:23, Jason wrote:
Pg 189 of the document located at the link previously provided. The link is included here again for convenience. http://downloads.securityfocus.com/library/S24NTSec.doc Interestingly it makes use of a free program for windows available at http://www.kixtart.org/
Interestingly, I've done a bit of scripting in KiXtart myself. Of course, you make the assumption that every computer on the network logs in to a domain, and this simply isn't the case. Being an admin means you have to solve those problems as well, not just the easy ones.
There is a difference between the tools to manage it easily and the tools to manage it. The tools are there to automate this and many other changes. basic instructions. Start->Run [cmd|command] cd \my\netlogon\share edit netlogon.bat @import_sec_reg_keys.bat Alt->F->X->Yes
It takes a lot more work than that. What do you do about the machines that *do* need DCOM? Ever notice there are students learning programming at a university? It's not like a corporation where you can shove changes down people's throats without planning carefully first. You keep trying to trivialize the difficult. And you make the false assumption that I'm complaining about my *own* problems, when in fact that's not the case at all. I'm arguing on behalf of all the people you so cavalierly denigrate.
If the "Unis" do all this work for free ( hardly, my taxes pay for it ) and play such a huge role then maybe they could do a little research as a team and make it "Easy" to run windows.
Your taxes pay for the universities to do their work, but that work is provided to the world for free. Don't trivialize that.
Funny how you think *your* labor has value, but the IT admins' does not.Hardly my position. I never stated my labor has value and the IT admins labor does not. I did state "I will charge a fair price for a fair days work" If that implies that my time has value and admin time does not then I suggest it is time to evaluate either the fair price being charged or the fair days work being delivered.
You have consistently stated that all that needs to be done is "the work". The implication is that there's nothing to it. It can be easily done if folks would just get to work. That implication is false and trivializes the amount of work that has to be done. That is what I'm objecting to.
Attempting to put words into my mails and twist my statements to support your position will not work.
If I did that, you'd have a legitimate complaint. I haven't.
Oh, I get it. You've never actually used an IDS. You just understand the dictionary definition of one. Try sitting in front of the console staring at a half a million alerts and see if the IDS *does* anything besides spewing information that *you* have to research, that *you* have to interpret and that *you* have to take action on.All this reminds me of a quote. I cannot recall the orgin unfortunately. "never argue with idiots, they will drag you down and beat you with experience"
Indeed. Your post proved you know nothing about IDSes, so when I pointed that out, you retreat to quotes and smug replies. I can't say that I'm surprised.
Sounds like a case of the pending Mondays to me. Do this, turn off the IDS and try not having it to catch you when the fan starts spreading dung. Then try to fix the situation at hand and become proof positive of Darwin's Theory.
Cute. Again you assume that I'm referring to my own situation and not to the general subject of your attitude toward network administrators, and even more generally, to the attitude of many who are ignorant of what it takes to run a large network, especially at a university. If you had a clue, you wouldn't post what you posted. -- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) gregh (Jul 26)
- Re: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 26)
- RE : DCOM RPC exploit (dcom.c) Nicolas Villatte (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 26)
- Re: DCOM RPC exploit (dcom.c) Chris Paget (Jul 26)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Jason (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Robert Wesley McGrew (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Robert Wesley McGrew (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Paul Schmehl (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Knud Erik Højgaard (Jul 27)