Full Disclosure mailing list archives

RE: DCOM RPC exploit (dcom.c)


From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 28 Jul 2003 11:38:43 -0500 (CDT)


        [SNIP]

This is simply and plainly false.  I don't know why people can't seem to
grasp this.  I know of several major corporations who not only had
1434/UDP blocked at the firewall but also on a number of internal
routers *and* had aggressive patching programs, and they *still*
suffered from Slammer.   All it takes is *one* infected box *inside* the
network to negate all the hard work you've done trying to keep the worm
out.

When you have 150,000 machines worldwide, having 1% of those unpatched
(which is a 99% *success* rate) means you have 1500! vulnerable
machines.  Most situations that I'm familiar with were in the tens - not
even the hundreds - but it only took 10 or 15 machines to take down the
entire network due to the nature of that worm.  10 or 15 boxes
represents 1/100th of a percent of the total, yet that small number
could completely destabilize a network and cause untold hours of work for
the admins and networking staff.


Granted, a lot of companies and most gov and edu sites seem to not know how
to prevent a system from joining the network without first being audited
to ensure it complies with the site's security policy.  And for those
organizations, this posting by Paul rings true.  Those sites that have
stringent security policies and a means of enforcement of those policies
in place do not face these problems, especially each and every time a new
sploit comes out.

Certainly worked for the groups I was associated with at NRTLE a few years
back, and their being spread globally, due to many acquisitions, as well
as having a variety of OS's to contend with, certainly had the numbers of
users and systems that seem to make many admins shudder at trying to
manage.  If the tools did not exist to do what we needed to do, we ended
up building our own.  We do much the same at the present location I work
in.  Though I have to admit, maintaining M$ is someone else's headache here
and was at Nortel.  But, some folks seem to handle it better than others.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html