Full Disclosure mailing list archives

RE: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)


From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Wed, 30 Jul 2003 22:01:22 +1200



-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Ron DuFresne
Sent: Wednesday, 30 July 2003 8:51 a.m.
To: Valdis.Kletnieks () vt edu
Cc: Jason; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Avoiding being a good admin - 
was DCOM RPC exploit (dcom.c) 

Still the best defensive posture is taken at the entrance and exit points
as pertains to most all these 'services'.  If the ports 135 and 1433 etc
are blocked, both tcp and udp protocols, then patching becomes far less
dramatic, even if a few machines inside get infected due to laptops or
what have you.  When the flow on the wire for a segment

Perimeter blocking is not everything.
It's an important part of your security policy, but I think you're
overstating that.

Is it too difficult to write a worm which will spread through RPC DCOM (this
is just to stay OT) *AND* mass e-mailing? See that? Mass e-mails ... You can
have the best port blocking in the world and still be infected in a second.

The solution for this is long term improvement of security, strong security
policies *AND* education.

Regards,

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

