Full Disclosure mailing list archives

Re: Restricting access to SVCCTL named pipe on Windows


From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Wed, 7 Dec 2005 11:30:48 -0700

On 12/7/05, Geof <geofgeof () gmail com> wrote:
> I'm trying to restrict remote access to the Service Control Manager on a
> Windows box in order to forbid a local admin to remotely manage the
> services. Indeed, with such an access, it's possible to restart services
> that were disabled for security reasons, like remote registry access, or to
> install remotely new services.
> (See
> http://www.hsc.fr/ressources/articles/win_net_srv/ch04s07s09.html
> for the available operations)
>
> Using the pipeaclui from bindview, I guess it's possible to define ACL that
> deny any access but it is said that "Anytime a named pipe is restarted (or a
> system reboot), the changes made using pipeaclui will be discarded and the
> defaults of whatever started the named pipe will be used".
> http://www.bindview.com/Services/RAZOR/Utilities/Windows/pipeacltools1_0.cfm
>
> So, I'm wondering if someone knows how to stop definitively this feature.

I would go about this a different way than you: just drop in managed
firewalls that say only port 135-139, 445, etc. from the servers, then
you don't have to worry about VPN or cross-workstation attacks.

Or am I totally off base here?

-JP
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

