Full Disclosure mailing list archives
RE: DCOM RPC exploit (dcom.c) (fwd)
From: "Andy Wood" <andy () digitalindustry org>
Date: Mon, 28 Jul 2003 07:32:46 -0400
Thanks, 0.

Users: There are inexpensive tools to take care of this for you. Dameware NT Utilities is one. If you're an admin and haven't touched this one you're missing out. A few clicks of the mouse and all you can hope for can come true. It also can be used on both sides of the fence.... it is one of my main utilities for working my way into networks. Now, be warned all, it may not have a button to do the exact function you're looking for, but rather has the ability to perform batch functions, and that's really the issue here, right. If'n one is blessed with "Creativity" then that person may just be able to use it beyond the help, faq and user files.

-----Original Message-----
From: uidzer0 [mailto:uidzer0 () cox net]
Sent: Sunday, July 27, 2003 7:48 PM
To: Andy Wood

What'd I tell you man.. this list is all you@!!!!;)

- uidzer0

---------- Forwarded message ----------
Date: Sun, 27 Jul 2003 17:09:21 -0500 (CDT)
From: Ron DuFresne <dufresne () winternet com>
To: Paul Schmehl <pauls () utdallas edu>
Cc: Jason <security () brvenik com>, Chris Paget <chrisp () ngssoftware com>, Len Rose <len () netsys com>, "full-disclosure () lists netsys com" < >
Subject: Re: [Full-disclosure] DCOM RPC exploit (dcom.c)

On 27 Jul 2003, Paul Schmehl wrote:
On Sun, 2003-07-27 at 14:24, Jason wrote:

Ok: In short it goes like this.

Click Start->Run
Type "dcomcnfg.exe"
Turn it off

Great! Now go click all 5000 computers we have to take care of. This is exactly what I'm talking about. You smugly criticize networks for not fixing problems, yet you completely ignore the fact that the tools to do this on an enterprise scale either don't exist, are far too expensive for the average network or require scripting expertise that most don't have. Not to mention the fact that for this to even work, the security context must be administrator and the concept of sudo hasn't entered the Windows world in a secure implementation (that I'm aware of).
[SNIP]

Blame the provider of the OS you are trying to tame.

sheesh, whine whine whine, I can't do my job, I'm underpaid and over worked, I can't secure my network cause some fool's gonna tell me they can't play their fav game with friend on another network, I want windows and all the shit that comes with it, but, I don't want to have to deal with the fallout each time the built in kitchen sink blows up. Then get the edu site yer at to force a desktop OS change to something you might be better able to control with less effort. If the beast exists. But, better yet, get a job in a field that does not stress you to such extreme limits.

Either lead, follow or get the hell outta the way with yer whining... first you ask to be spoon fed how to disable DCOM, then when given the ability, you whine that now you have to go fix 5000 boxes allowed to be misconfigged anyways. What others are telling you is there are ways this could have been mitigated *prior* to the time exploits came out and prior to the time the vulnerability was announced. Next thing yer gonna be wanting psychic pre-announcements 6 months in advance of public disclosure.

As you mentioned in many replies in this thread, this is the real world, you have a job yer paid to do, now go do it. After the mad patch rush is over for you, prior to the next 2-6 months down the road, reread all the advice offered by many here and devise a policy for your network that might help avoid the mad rush, be it a proper security perimeter, hiring others to hump and touch each system when/if a *working* patch is released or recommend a better desktop/server environment to help avoid the problems that you feel the M$ world has blessed you with.

But nearly this same thread was bounced about when slammer hit, and nimda, and the code reds, so I tend to think that the status quo will remain after the next 3-10 exploits/worms strike.
And the Texas edu system will still have risky ports and protocols and applications up the butt open for the exploits to take advantage of. Until something on the order of change does happen, this will remain a revolving thread.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003