Re: DCOM RPC exploit (dcom.c)

[Paul Schmehl <pauls () utdallas edu>]

On Sun, 2003-07-27 at 16:23, Jason wrote:
> Pg 189 of the document located at the link previously provided. The link 
> is included here again for convenience. 
> http://downloads.securityfocus.com/library/S24NTSec.doc
>
> Interestingly it makes use of a free program for windows available at 
> http://www.kixtart.org/

Interestingly, I've done a bit of scripting in KiXtart myself.  Of
course, you make the assumption that every computer on the network logs
in to a domain, and this simply isn't the case.  Being an admin means
you have to solve those problems as well, not just the easy ones.
> There is a difference between the tools to manage it easily and the 
> tools to manage it. The tools are there to automate this and many other 
> changes.
>
> basic instructions.
>
> Start->Run [cmd|command]
> cd \my\netlogon\share
> edit netlogon.bat
> @import_sec_reg_keys.bat
> Alt->F->X->Yes
It takes a lot more work than that.  What do you do about the machines
that *do* need DCOM?  Ever notice there are students learning
programming at a university?  It's not like a corporation where you can
shove changes down people's throats without planning carefully first.

You keep trying to trivialize the difficult.  And you make the false
assumption that I'm complaining about my *own* problems, when in fact
that's not the case at all.  I'm arguing on behalf of all the people you
so cavalierly denigrate.
> If the "Unis" do all this work for free ( hardly, my taxes pay for it ) 
> and play such a huge role then maybe they could do a little research as 
> a team and make it "Easy" to run windows.
Your taxes pay for the universities to do their work, but that work is
provided to the world for free.  Don't trivialize that.
> > Funny how you think *your* labor has value, but the IT admins' does not.
> Hardly my position. I never stated my labor has value and the IT admins 
> labor does not. I did state "I will charge a fair price for a fair days 
> work" If that implies that my time has value and admin time does not 
> then I suggest it is time to evaluate either the fair price being 
> charged or the fair days work being delivered.
You have consistently stated that all that needs to be done is "the
work".  The implication is that there's nothing to it.  It can be easily
done if folks would just get to work.  That implication is false and
trivializes the amount of work that has to be done.  That is what I'm
objecting to.

> Attempting to put words into my mails and twist my statements to support 
> your position will not work.
If I did that, you'd have a legitimate complaint.  I haven't.
> > Oh, I get it.  You've never actually used an IDS.  You just understand
> > the dictionary definition of one.  Try sitting in front of the console
> > staring at a half a million alerts and see if the IDS *does* anything
> > besides spewing information that *you* have to research, that *you* 
> > have to interpret and that *you* have to take action on.
> All this reminds me of a quote. I cannot recall the orgin unfortunately.
>
> "never argue with idiots, they will drag you down and beat you with 
> experience"
Indeed.  Your post proved you know nothing about IDSes, so when I
pointed that out, you retreat to quotes and smug replies.  I can't say
that I'm surprised.

> Sounds like a case of the pending Mondays to me. Do this, turn off the 
> IDS and try not having it to catch you when the fan starts spreading 
> dung. Then try to fix the situation at hand and become proof positive of 
> Darwin's Theory.
Cute.  Again you assume that I'm referring to my own situation and not
to the general subject of your attitude toward network administrators,
and even more generally, to the attitude of many who are ignorant of
what it takes to run a large network, especially at a university.  If
you had a clue, you wouldn't post what you posted.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html