Full Disclosure mailing list archives
Re: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
From: yossarian <yossarian () planet nl>
Date: Wed, 30 Jul 2003 19:41:01 +0200
Sorry for being a little late in this discussion - was out there being a good admin. But vis-a-vis cost calculation caused by worm or mass-mail - I remember when in '97 at a bank I worked at then, people found the Reply All feature in Exchange client. It took down the network for some 5 hours, and one of the things that failed was a daily interest payment - some 80 Mo. $ loss - by a network issue. That's something else, some companies actually use the computers for business...

----- Original Message -----
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, July 30, 2003 12:01 PM
Subject: RE: [Full-disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ron DuFresne
Sent: Wednesday, 30 July 2003 8:51 a.m.
To: Valdis.Kletnieks () vt edu
Cc: Jason; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c)

Still the best defensive posture is taken at the entrance and exit points as pertains to most all these 'services'. If the ports 135 and 1433 etc are blocked, both tcp and udp protocols, then patching becomes far less dramatic, even if a few machines inside get infected due to laptops or what have you. when the flow on the wire for a segment

Perimeter blocking is not everything. It's an important part of your security policy, but I think you're overstating that. Is it too difficult to write a worm which will spread through RPC DCOM (this is just to stay OT) *AND* mass e-mailing? See that? Mass e-mails ... You can have the best port blocking in the world and still be infected in a second.

The solution for this is long term improvement of security, strong security policies *AND* education.

Regards,

Bojan Zdrnja
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
