Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: RE: Vulnerability Response (was: BGP TCP RST Attacks)

RE: Vulnerability Response (was: BGP TCP RST Attacks)

From: Paul D. Robertson <paul_at_compuwar.net>
Date: Tue, 1 Jun 2004 08:45:54 -0400 (EDT)

On Fri, 28 May 2004, Ben Nagy wrote:

> Take a look at the recent security record of MS RPC endpoints. You can't
> turn them off. You can't secure them. Windows will break.

Funnily enough, I booted WinXP Pro on my laptop[0] last week to put some
shellcode through a disassembler. There was no danger from any RPC-based
malcode.

> How _ELSE_ do you want to deal with that problem? Let me put it a different

Strategically, I want to deal with it the right way- either removing the
dependence on RPC (hey, all my Linux systems don't need network-based RPC
anymore) or by getting the developers to give me better separation- MS is
actually starting to do that with
whatever-the-heck-the-next-bug-cluster-is-called.

> You can only harden up until the OS will let you. If the core service has an

Not true- you can firewall things that the OS won't let you do.

> exploitable bug then only a patch will fix it. Other solutions (like my

If it can't be attacked, then arguably, it doesn't need to be fixed.

> Even assuming that you could have pre-hardened a box (it is true that
> hardening _might_ have let you dodge Blaster and Sasser, but wait until the
> multiple vectored worms really start hitting us) then most people just won't
> do it. In any case, having a huge freaking gaping security hole in a core
> service is not something I feel comfortable about, same as running a
> thousand Win95 boxes "behind a firewall" sends shivers down my spine.

Yet lots of people do it every day and don't have many problems....

Paul
[0] G4 Powerbook, running XP in VirutalPC with the hosting OS providing
firewalling. I find BOCHs interesting strategically because you actually
could do kernel level firewalling.
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul_at_compuwar.net which may have no basis whatsoever in fact."
probertson_at_trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jun 01 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos