[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0307262214260.21048-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: DCOM RPC exploit (dcom.c)
>
> Len,
>
> IMHO there's a difference between "security through obscurity" and posting
> working exploit code. Knowing that there is a vulnerability in DCOM, accessible
> over a range of RPC mechanisms (primarily 135/tcp) is all that most
> administrators need to know. It's one thing knowing that you can kill a person
> with a gun, and it's another to give away firearms.
>
[SNIP]
I'm just trying to understand how corporate networks would/should be at
risk with this, why port 135 would not be filtered already limiting
exposure. Is there a reason why it would not be that I'm missing? The
main exposure seems to be the home users not aware of why certain services
and ports should be properly configured and/or filtered. The gartner
group seems to have come to this conclusion, one of their better
statements in the recent past:
<quote>
SECURITY WIRE DIGEST, VOL. 5, NO. 55, JULY 24, 2003
...
*GARTNER URGES PERSONAL FIREWALLS FOR MICROSOFT FLAWS
Research firm Gartner Group is urging corporations to consider using
personal firewalls on all desktop and notebook computers connected to
networks to hedge against the steady stream of Microsoft vulnerabilities.
Gartner says applying all the necessary patches to address the dozen
"critical" alerts that Microsoft released between January and June would
take most enterprises at least six months. "And more desktop
vulnerabilities will be discovered in the near future," says Gartner VP
John Pescatore.
While implementing and maintaining personal firewalls will amount to a
substantial cost of as much as $150 per machine, Pescatore says they will
help protect individual devices--particularly those used by remote
workers--from the type of executable attacks that are becoming more
popular.
Pescatore says the Internet Connection Firewall built into Windows XP
isn't sufficient protection because it blocks only incoming connections.
Enterprise firewalls should also be outfitted with URL blocking products
that filter out URLs known to be sources of attacks.
http://www3.gartner.com/resources/116100/116197/116197.pdf
</quote>
It seems more and more folks in the industry are coming to the conclusion
that maintaining patched systems is an overwhelming job, and that the best
mitigation is filtering at the gateway in the various forms that can be
accomplished. This still leaves the average home user in a rut, since
most lack the basic knowledge of the consquesnces of not filtering out the
nasty cruft from the benighn, let alone the skills to recognise such. It
would be nice to see other vendors step up to Dell's recent announcement
to start shipping systems with a more secure 'default' install, and
perhaps find a way to expand upon that shipping systems with a personal
firewalling system capablle of providing a safer networking setup out of
the box for joe average websurfer. Until the environment changes as
regards those vendors releasing code/applications/OS', then the best we
have at present is those vendors shipping the systems to the endusers.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists