| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Paul Schmehl) Subject: DCOM RPC exploit (dcom.c) On Sat, 2003-07-26 at 22:29, Ron DuFresne wrote: > > I'm just trying to understand how corporate networks would/should be at > risk with this, why port 135 would not be filtered already limiting > exposure. Is there a reason why it would not be that I'm missing? Are you really serious? Recall Slammer? There were networks that were locked down pretty tight. Slammer couldn't get in, right? Then one developer who got his unpatched copy of SQL inside the network, by logging in through VPN with his infected laptop, took the entire network down. You can't get in to our network on those ports either - unless you're already in. But I can guarantee you that we'll be chasing infected boxes down for days after the worm hits. And we've already patched everything that we could patch. I scan for Slammer every week, because every week someone new decides to install SQL unpatched or some stupid app that has an unpatched copy of MSDE. Now I'll be chasing the RPC worm around too. You can't firewall 135 inside your network or you'd have no network. The only reason I read lists like this is because I need to know before it hits what the next stupid exploit is that I have to deal with. And every one is a royal PITA. I put virus and worm writers right there in the same pile with spammers. They're all the scum of the earth. Clear examples of the worst of human nature. -- Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists