Full Disclosure mailing list archives
RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Wed, 30 Jul 2003 22:01:22 +1200
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ron DuFresne Sent: Wednesday, 30 July 2003 8:51 a.m. To: Valdis.Kletnieks () vt edu Cc: Jason; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
Still the best defensive porture is taken at the entrance and exit points as pertains to most all these 'services'. If the ports 135 and 1433 etc are blocked, both tcp and udp protocols, then patching becomes far less dramatic, even if a few machines inside get infected due to laptops or what have you. when the flow on the wire for a segment
Perimeter blocking is not everything. It's an important part of your security policy, but I think you're overstating that. Is it too difficult to write a worm which will spread through RPC DCOM (this is just to stay OT) *AND* mass e-mailing. See that? Mass e-mails ... You can have the best port blocking in the world and still be infected in a second. The solution for this is long term improvement of security, strong security policies *AND* education. Regards, Bojan Zdrnja _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Justin (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPCexploit (dcom.c) Darren Bennett (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPCexploit (dcom.c) Ron DuFresne (Jul 30)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Bojan Zdrnja (Jul 30)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) yossarian (Jul 30)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Ron DuFresne (Jul 30)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Bojan Zdrnja (Jul 31)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Scott M. Algatt (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Larry W. Cashdollar (Jul 29)
- Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Jason (Jul 29)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Andy Wood (Jul 29)
- RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c) Michal Zalewski (Jul 30)