Vulnerability Development: RE: SUMMARY: SMB overflow attacks

RE: SUMMARY: SMB overflow attacks

From: Thierry De Leeuw <thierry.deleeuw_at_wanadoo.be>
Date: Mon, 2 Sep 2002 20:46:38 +0200

Hi,

On my box it's msdtc (Microsoft Distributed Transaction Coordinator) that is
using this port.

mstask.exe is 1026.

I found this out by using TCP View. This tool can be freely downloaded from
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Hope it helps!

Best regards,

Thierry De Leeuw

-----Original Message-----
From: Jason Coombs [mailto:jasonc_at_science.org]
Sent: Saturday, August 31, 2002 9:02 PM
To: Aditya; vuln-dev_at_security-focus.com
Subject: RE: SUMMARY: SMB overflow attacks

mstask.exe is not running on this box.

Task Scheduler service is set to Manual.

Any other ideas?

Thanks.

Jason Coombs
jasonc_at_science.org

-----Original Message-----
From: Aditya [mailto:adityald2_at_gmx.net]
Sent: Friday, August 30, 2002 10:18 PM
To: jasonc_at_science.org; vuln-dev_at_security-focus.com
Subject: Re: SUMMARY: SMB overflow attacks

sorry about the mistake about the DCOM - the good thing is already you have
disabled that

for 1025 - you have to disable the scheduler service "mstask.exe"

for 1027 it's dcom

-aditya

----- Original Message -----
From: "Jason Coombs" <jasonc_at_science.org>
To: "Aditya" <adityald2_at_gmx.net>; <vuln-dev_at_security-focus.com>
Sent: Saturday, August 31, 2002 8:33 AM
Subject: RE: SUMMARY: SMB overflow attacks

> DCOM is already disabled and all transports are removed from the list in
> DCOMCNFG.EXE.
>
> System still binds to 1025 TCP.
>
> Are you sure this is all you did to stop this port binding on your box?
>
> Thanks.
>
> Jason Coombs
> jasonc_at_science.org
>
> -----Original Message-----
> From: Aditya [mailto:adityald2_at_gmx.net]
> Sent: Friday, August 30, 2002 5:47 AM
> To: jasonc_at_science.org; vuln-dev_at_security-focus.com
> Subject: Re: SUMMARY: SMB overflow attacks
>
>
> the 1025 port is bound because the machine is win2k which has com enabled
> by default
>
> disable com and this will vanish
>
> aditya
>
> ----- Original Message -----
> From: "Jason Coombs" <jasonc_at_science.org>
> To: <vuln-dev_at_security-focus.com>
> Sent: Friday, August 30, 2002 5:10 AM
> Subject: RE: SUMMARY: SMB overflow attacks
>
>
> > However, port 1025 is still being bound by SYSTEM ... I have no idea
> > why.
> >
>
>
Received on Sep 03 2002
