|
Vulnerability Development
mailing list archives
RE: SUMMARY: SMB overflow attacks
From: "Jason Coombs" <jasonc () science org>
Date: Sat, 31 Aug 2002 09:01:51 -1000
mstask.exe is not running on this box.
Task Scheduler service is set to Manual.
Any other ideas?
Thanks.
Jason Coombs
jasonc () science org
-----Original Message-----
From: Aditya [mailto:adityald2 () gmx net]
Sent: Friday, August 30, 2002 10:18 PM
To: jasonc () science org; vuln-dev () security-focus com
Subject: Re: SUMMARY: SMB overflow attacks
sorry about the mistake about the DCOM - the good thing is already you have
disabled that
for 1025 - you have to disable the schduler service "mstask.exe"
for 1027 its dcom
-aditya
----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: "Aditya" <adityald2 () gmx net>; <vuln-dev () security-focus com>
Sent: Saturday, August 31, 2002 8:33 AM
Subject: RE: SUMMARY: SMB overflow attacks
DCOM is already disabled and all transports are removed from the list in
DCOMCNFG.EXE.
System still binds to 1025 TCP.
Are you sure this is all you did to stop this port binding on your box?
Thanks.
Jason Coombs
jasonc () science org
-----Original Message-----
From: Aditya [mailto:adityald2 () gmx net]
Sent: Friday, August 30, 2002 5:47 AM
To: jasonc () science org; vuln-dev () security-focus com
Subject: Re: SUMMARY: SMB overflow attacks
the 1025 port is bound because the machine in win2k which has com enabled
by
default
disable com and this will vanish
aditya
----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: <vuln-dev () security-focus com>
Sent: Friday, August 30, 2002 5:10 AM
Subject: RE: SUMMARY: SMB overflow attacks
However, port 1025 is still being bound by SYSTEM ... I have no idea
why.
 By Date 
By Thread
Current thread:
| 
Intro
