Full Disclosure mailing list archives

Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)


From: yossarian <yossarian () planet nl>
Date: Wed, 30 Jul 2003 19:41:01 +0200

Sorry for being a little late in this discussion - was out there being a
good admin.\

But viz-a-viz cost calculation caused by worm or mass-mail - i remember when
in '97 at a bank I worked at then, people found the Reply All feature in
Exchange client. It took down the network for some 5 hours, and one of the
things that failed was a daily interest payment - some 80 Mo. $ loss - by a
network issue.

That's something else, some companies actually use the computers for
business...
----- Original Message -----
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, July 30, 2003 12:01 PM
Subject: RE: [Full-disclosure] Avoiding being a good admin - was DCOM RPC
exploit (dcom.c)




-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
Ron DuFresne
Sent: Wednesday, 30 July 2003 8:51 a.m.
To: Valdis.Kletnieks () vt edu
Cc: Jason; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Avoiding being a good admin -
was DCOM RPC exploit (dcom.c)

Still the best defensive porture is taken at the entrance and exit
points
as pertains to most all these 'services'.  If the ports 135 and 1433 etc
are blocked, both tcp and udp protocols, then patching becomes far less
dramatic, even if a few machines inside get infected due to laptops or
what have you.  when the flow on the wire for a segment

Perimeter blocking is not everything.
It's an important part of your security policy, but I think you're
overstating that.

Is it too difficult to write a worm which will spread through RPC DCOM
(this
is just to stay OT) *AND* mass e-mailing. See that? Mass e-mails ... You
can
have the best port blocking in the world and still be infected in a
second.

The solution for this is long term improvement of security, strong
security
policies *AND* education.

Regards,

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: