lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: harqman at btopenworld.com (harq deman)
Subject: Cox is blocking port 135 - off topic

With the DCom vulnerability affecting:
- Every fresh install of most windows operating systems,
- Every system where the user is too dumb to click the obvious update
button,
- Every system registered with a pirate key that has had its access to
windows update suspended,

it is IMHO only a short period of time before a successful worm takes
effect.  At that point, it is highly probably that MS networking will be
shunned by most responsible ISPs for their customers protection.

May I draw your attention to http://www.cs.berkeley.edu/~nweaver/warhol.html

It is highly likely that, in the future, any fresh installs of Windows NT4 /
XP / 2000 / 2003 will be `owned' by a dcom worm in less time than it takes
to download the patch.

<JOKE> Microsoft should change the ports used by their operating systems
during patching operation </JOKE>

Perhaps Cox is ahead of the crowd...?

maybe I'm talking shit.. I don't know, I'm high
peace
harq

----- Original Message ----- 
From: <pdt@...khammer.org>
To: "Kurt Seifried" <listuser@...fried.org>
Cc: <joey2cool@...oo.com>; <full-disclosure@...ts.netsys.com>
Sent: Sunday, August 10, 2003 11:55 PM
Subject: Re: [Full-Disclosure] Cox is blocking port 135 - off topic


> If they do it like Comcast has it implemented even clients on the same
> cable router can't speak on the "windows" ports to each other.  Last I
> checked they were blocking 137-139 and have been for some time.
> > Off topic:
> >
> > This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP
on
> > 445 as well (reduced overhead then 135/etc, no NetBIOS layer). When a
> > client
> > tries to connect to a remote host for file/print sharing/etc it connects
> > on
> > both ports 135 and 445, if a response is recieved from port 445 it drops
> > the
> > connection to 135. THe attack works quite well against client systems
> > using
> > port 445. If Cox blocks both ports 135 and 445 that will be
semi-effective
> > (except of course for internal users who spread a worm/etc, such as
> > laptops
> > that move around). THis may block a few of the more stupid attacks but
not
> > for long.
> >
> > Kurt Seifried, kurt@...fried.org
> > A15B BEE5 B391 B9AD B0EF
> > AEB0 AD63 0B4E AD56 E574
> > http://seifried.org/security/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists