Vulnerability Development mailing list archives

RE: SUMMARY: SMB overflow attacks


From: "Thierry De Leeuw" <thierry.deleeuw () wanadoo be>
Date: Mon, 2 Sep 2002 20:46:38 +0200

Hi,

On my box it's msdtc (Microsoft Distributed Transaction Coordinator) that is
using this port.

mstask.exe is 1026.

I found this out by using TCP View. This tool can be freely downloaded from
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Hope it helps!

Best regards,

Thierry De Leeuw

-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org]
Sent: Saturday, August 31, 2002 9:02 PM
To: Aditya; vuln-dev () security-focus com
Subject: RE: SUMMARY: SMB overflow attacks


mstask.exe is not running on this box.

Task Scheduler service is set to Manual.

Any other ideas?

Thanks.

Jason Coombs
jasonc () science org

-----Original Message-----
From: Aditya [mailto:adityald2 () gmx net]
Sent: Friday, August 30, 2002 10:18 PM
To: jasonc () science org; vuln-dev () security-focus com
Subject: Re: SUMMARY: SMB overflow attacks


sorry about the mistake about the DCOM - the good thing is already you have
disabled that

for 1025 - you have to disable the scheduler service "mstask.exe"

for 1027 it's dcom


-aditya


----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: "Aditya" <adityald2 () gmx net>; <vuln-dev () security-focus com>
Sent: Saturday, August 31, 2002 8:33 AM
Subject: RE: SUMMARY: SMB overflow attacks


DCOM is already disabled and all transports are removed from the list in
DCOMCNFG.EXE.

System still binds to 1025 TCP.

Are you sure this is all you did to stop this port binding on your box?

Thanks.

Jason Coombs
jasonc () science org

-----Original Message-----
From: Aditya [mailto:adityald2 () gmx net]
Sent: Friday, August 30, 2002 5:47 AM
To: jasonc () science org; vuln-dev () security-focus com
Subject: Re: SUMMARY: SMB overflow attacks


the 1025 port is bound because the machine is win2k, which has com enabled
by default

disable com and this will vanish

aditya

----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: <vuln-dev () security-focus com>
Sent: Friday, August 30, 2002 5:10 AM
Subject: RE: SUMMARY: SMB overflow attacks


However, port 1025 is still being bound by SYSTEM ... I have no idea
why.
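
The port-to-process lookup that the thread does with TCP View, as an added PowerShell example that is not part of the original messages. It assumes a current Windows system where the `Get-NetTCPConnection` and `Get-CimInstance` cmdlets are available; the port list is taken from the thread.

```powershell
# Added example: map the listening TCP ports discussed in the thread to the
# owning process and any Windows services hosted in that process.
$ports = 1025, 1026, 1027   # ports named in the thread

Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    ForEach-Object {
        $procId = $_.OwningProcess
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # Stopped services report ProcessId 0, so only query for real PIDs;
        # otherwise every stopped service would be listed as the owner.
        $services = @()
        if ($procId -gt 0) {
            $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
                Select-Object -ExpandProperty Name)
        }

        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            OwningPid    = $procId
            Process      = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Services     = $services -join ', '
        }
    } |
    Sort-Object LocalPort |
    Format-Table -AutoSize
```

An empty Services column means the listener is not held by a service process, so changing a service's startup type will not release the port.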






