Re: DCOM RPC exploit (dcom.c)

[Nick FitzGerald <nick () virus-l demon co uk>]

Etaoin Shrdlu <shrdlu () deaddrop org> wrote:

> There've been a lot of moronic statements made in this thread, true enough,

No there's a surprise...     8-)

> but I've actually learned a couple of things here. It's been mostly
> interesting, strange though that may seem, including (I think it was
> Nick's) a reference to a site on locking down windows that I hadn't seen
> before. I dunno.

This one??

   Minimizing Windows network services

   by Jean-Baptiste Marchand

   http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.en

It is an excellent page for explaining stuff you will not (or at least 
that I had previously not been able to) find in the MS KnowledgeBase.

Also, if you've read that page in the past, please note that it gets 
updated from time to time but its author seems to neglect updating the 
date near the top of the page.  Despite that date currently reading 
"(02/09/2002)", and regardless of whether that is a US or "proper" 
format date, it is quite clearly outdated, as much further down the 
page you can read:

   Microsoft released on 4/16/2003 a new version of the rpccfg tool,
   that can list network interface indexes and configure interfaces
   restriction. This tool is available at
   http://download.microsoft.com/ (search keyword: rpccfg).

So, if you find this page at all useful or interesting, revisit it 
occasionally (or add its URL to your favourite page-change alerting 
service, etc...).

> It's a lot more interesting that having some fool complain about Mr. XSS
> (aka morning wood), and then quote the WHOLE damned post, so that those of
> us who have him quietly killfiled still get smacked with his sophomoric
> dribblings.  ...

Surely you can't be serious...  You don't hang in F-D for Mr XSS's 
every word?

8-)


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html