Re: DCOM RPC exploit (dcom.c)

[Kain <kain () kain org>]

On Tue, Jul 29, 2003 at 10:33:47AM -0500, Schmehl, Paul L wrote:
> > > ...  I'd be surprised if any organisation exists (outside of the
> > > military) that insists on knowing the MAC addresses of machines before
> > > they get connected to the network. (In our case we monitor MAC addresses
> > > instead as we can then spot network problems).
> > Bzzzzt -- wrong.
> >
> > Some small, medium and large corporates do this.  Some .edus even do it.
I can verify that this is also the case at Southwest Missouri State University,
a small uni of 30,000 or so students (15000 or so full-time last time I
checked), from my time there as a student.  One doesn't have to be .mil or have
a ludicrous budget to follow this practice.  It makes good sense to know
exactly what is on your network.

In the case of SMSU, most network switches were per-port MAC-filtered to their
assigned address, managed through a central database with links to SNMP
management on the switches for controlling network access.
-- 
Bryon Roche
Professional {Developer,Linux/MS Consulting,Software Architect}
<kain () kain org>
PGP Key Fingerprint: FE0D EC23 6464 726A CD54  48D3 04AD 86FE 6878 ABD5
Fortuna est caeca

Attachment: _bin
Description: