Vulnerability Development: RE: SUMMARY: SMB overflow attacks

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: SUMMARY: SMB overflow attacks

From: "Jason Coombs" <jasonc () science org>
Date: Fri, 30 Aug 2002 17:03:43 -1000

DCOM is already disabled and all transports are removed from the list in
DCOMCNFG.EXE.

System still binds to 1025 TCP.

Are you sure this is all you did to stop this port binding on your box?

Thanks.

Jason Coombs
jasonc () science org

-----Original Message-----
From: Aditya [mailto:adityald2 () gmx net]
Sent: Friday, August 30, 2002 5:47 AM
To: jasonc () science org; vuln-dev () security-focus com
Subject: Re: SUMMARY: SMB overflow attacks


the 1025 port is bound because the machine in win2k which has com enabled by
default

disable com and this will vanish

aditya

----- Original Message -----
From: "Jason Coombs" <jasonc () science org>
To: <vuln-dev () security-focus com>
Sent: Friday, August 30, 2002 5:10 AM
Subject: RE: SUMMARY: SMB overflow attacks

However, port 1025 is still being bound by SYSTEM ... I have no idea why.

By Date By Thread

Current thread:

Re: SUMMARY: SMB overflow attacks Aditya (Aug 31)
- RE: SUMMARY: SMB overflow attacks Jason Coombs (Aug 31)
  - Re: SUMMARY: SMB overflow attacks Aditya (Aug 31)
    - RE: SUMMARY: SMB overflow attacks Jason Coombs (Aug 31)
    - RE: SUMMARY: SMB overflow attacks Thierry De Leeuw (Sep 02)
- <Possible follow-ups>
- Re: SUMMARY: SMB overflow attacks Cade Cairns (Aug 31)