Full Disclosure mailing list archives
RE: DCOM RPC exploit (dcom.c)
From: John.Airey () rnib org uk
Date: Mon, 28 Jul 2003 16:02:55 +0100
-----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: 27 July 2003 16:38 To: Nathan Seven Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] DCOM RPC exploit (dcom.c)
[snip]
It may be a corner case, but based on the number of sites that got nailed by Slammer even though they had a firewall, it's a pretty common corner case....
As I said in my previous posts on the subject a "firewall" of itself wouldn't stop SQL Slammer unless it was doing stateful inspection of connections. In a nutshell, if you block all ports inbound, you have no connectivity. In this case though, there can be no sound business reason for having any port under 1024 exposed to the world unless it is some kind of public service (ie a web site). The only exception I know of is NTP. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk After over 144 years, there's still no fossil evidence of Evolution. - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: DCOM RPC exploit (dcom.c) fulldisclosure (Jul 27)
- <Possible follow-ups>
- Re: DCOM RPC exploit (dcom.c) democow .... (Jul 27)
- RE: DCOM RPC exploit (dcom.c) John . Airey (Jul 28)
- DCOM Exploit : FAQ Nicolas RUFF (lists) (Jul 28)
- Re: DCOM Exploit : FAQ upb (Jul 29)
- DCOM Exploit : FAQ Nicolas RUFF (lists) (Jul 28)