lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030810193636.6432.qmail@web20609.mail.yahoo.com>
From: joey2cool at yahoo.com (Joey)
Subject: TCP ports 1025-1030 and DCOM exploit

the exploit is for DCOM, not RPC. i believe those
ports might have something to do with the "DNS Client"
service, which is unnecessary to be running. You can
lock down all ports ran by windows xp by using this
guide -
http://www.blackviper.com/WinXP/servicecfg.htm

You can disable port 135 by using the dcomcnfg
program(be sure to use this before you disable any
other services if you want to disable the port) -
http://www.jsifaq.com/SUBO/tip7000/rh7010.htm

i managed to get windows xp not listening on any ports
and still function 100%. Windows XP is a secure OS but
not out of the box.

I don't think it can be used on port 445 either since
that is the SMB file/print sharing port.

--- "Edward W. Ray" <support@...cman.com> wrote:
> I have found that the RPC service in Windows also
> uses TCP ports 1025-1030
> for communication with domain controllers (DCs).  I
> found this out by
> accident by blocking ports in my Windows 2003 domain
> and observing failed
> RPC connectivity using netdiag command on clients. 
> I also observed attempts
> at connection on TCP port 1025.
> 
> Once I added TCP port 1025 to my list of allowed
> ports and ran netdiag, a
> connection on the DC port 1025 and the client
> (higher port number) was
> established.
> 
> Is this another possible attack vector?  I have not
> had time to test it
> myself, which is why I am asking.
> 
> Regards,
> 
> Edward W. Ray
> SANS GCIA, GCIH
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ