From: pauls at utdallas.edu (Paul Schmehl)
Subject: MSDE contained in...

On Tue, 2003-01-28 at 11:41, nutcase26 wrote:
> Paul et al,
> 
> Forgive my ignorance, but are you telling me that when an FTP, HTTP, Telnet
> client initiates a request to a remote server that my client doesn't
> interface with eth0?

Of course it does.  But it doesn't *listen* on those ports.  It queries
the server, which then responds on the same port.  Your browser, for
example, isn't going to simply start popping up web pages because
someone sent packets on port 80.  Your browser has to make the request,
and then it will only accept the answer from the address that it queried
(excluding monkey business on the part of a MITM attack.)
> 
> You mention in general but then very boldly state below " It's only if the
> app is being used **as a server**
> 
> Which is it, is it general or only ?
> 
I wouldn't say that *no* MSDE app is ever listening on port 1434/UDP
because I don't *know* that for a fact.  But *many* MSDE apps will not
be because they don't act as servers **on the network interface**.  They
only act as servers to localhost.

*If* an MSDE is acting as a server for *other* computers, then yes, it
would have that port open.
> 
> When I use Visio to PUBLISH my architectural design to my web server am I
> not in fact opening the MSDE and port * ?
> 
No, because you are publishing to a server.  The *server* may have port
1433/TCP open and *may* have port 1434/UDP open, but your computer will
not.  (It's much more likely the server has port 21 open, and your
"publishing" ftps the files to the web server.)
> 
> Doesn't mickeysoft want us to let them determine when updates are required?
> 
They'd like you to determine what shorts to wear.

> Paul, are you a user of Microsoft products?
> 
Do you know anyone in an enterprise setting that isn't?  Of course I
am.  I'm running RedHat beta and using Evolution as my email app, but I
get my mail from an Exchange server (among others), so I *have* to use
MS apps, whether I want to or not.
> 
I'm not sure how that makes a difference, but....

-- 
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
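
The distinction drawn in the message above (a client's outbound connection versus a socket that listens, and a listener on localhost versus one on the network interface) can be checked from `netstat -an` output. The script below is an added example, not part of the original post: the two netstat samples are constructed, the Windows column layout is assumed, and the loopback TCP listener in the second sample is an assumption used only to illustrate a localhost-only server.

```python
import ipaddress

SQL_PORTS = {("TCP", 1433), ("UDP", 1434)}  # the two ports named in the message

# Constructed sample: a host acting as a server for other computers.
SERVER = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:1434           *:*
"""
# Constructed sample: a desktop with a loopback-only listener (assumed) and
# two outbound client connections, one of them to a remote server's 1433.
DESKTOP = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3012      10.0.0.5:1433          ESTABLISHED
  TCP    192.168.1.10:3020      10.0.0.9:80            ESTABLISHED
"""

def sql_listeners(netstat_text):
    """Return (proto, local_ip, port, exposure) for sockets that accept
    traffic on 1433/TCP or 1434/UDP; outbound client connections are skipped."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # TCP accepts unsolicited connections only in LISTENING state;
        # UDP is connectionless, so any bound UDP socket counts.
        if proto == "TCP" and state != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit() or (proto, int(port)) not in SQL_PORTS:
            continue
        ip = ipaddress.ip_address(host.strip("[]"))
        exposure = "localhost-only" if ip.is_loopback else "network-reachable"
        found.append((proto, str(ip), int(port), exposure))
    return found

if __name__ == "__main__":
    for name, text in (("server", SERVER), ("desktop", DESKTOP)):
        for entry in sql_listeners(text):
            print(name, *entry)
```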

