[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002e01c35f89$93b38580$0100a8c0@newmarkr>
From: harqman at btopenworld.com (harq deman)
Subject: Cox is blocking port 135 - off topic
With the DCom vulnerability affecting:
- Every fresh install of most windows operating systems,
- Every system where the user is too dumb to click the obvious update
button,
- Every system registered with a pirate key that has had its access to
windows update suspended,
it is IMHO only a short period of time before a successful worm takes
effect. At that point, it is highly probably that MS networking will be
shunned by most responsible ISPs for their customers protection.
May I draw your attention to http://www.cs.berkeley.edu/~nweaver/warhol.html
It is highly likely that, in the future, any fresh installs of Windows NT4 /
XP / 2000 / 2003 will be `owned' by a dcom worm in less time than it takes
to download the patch.
<JOKE> Microsoft should change the ports used by their operating systems
during patching operation </JOKE>
Perhaps Cox is ahead of the crowd...?
maybe I'm talking shit.. I don't know, I'm high
peace
harq
----- Original Message -----
From: <pdt@...khammer.org>
To: "Kurt Seifried" <listuser@...fried.org>
Cc: <joey2cool@...oo.com>; <full-disclosure@...ts.netsys.com>
Sent: Sunday, August 10, 2003 11:55 PM
Subject: Re: [Full-Disclosure] Cox is blocking port 135 - off topic
> If they do it like Comcast has it implemented even clients on the same
> cable router can't speak on the "windows" ports to each other. Last I
> checked they were blocking 137-139 and have been for some time.
> > Off topic:
> >
> > This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP
on
> > 445 as well (reduced overhead then 135/etc, no NetBIOS layer). When a
> > client
> > tries to connect to a remote host for file/print sharing/etc it connects
> > on
> > both ports 135 and 445, if a response is recieved from port 445 it drops
> > the
> > connection to 135. THe attack works quite well against client systems
> > using
> > port 445. If Cox blocks both ports 135 and 445 that will be
semi-effective
> > (except of course for internal users who spread a worm/etc, such as
> > laptops
> > that move around). THis may block a few of the more stupid attacks but
not
> > for long.
> >
> > Kurt Seifried, kurt@...fried.org
> > A15B BEE5 B391 B9AD B0EF
> > AEB0 AD63 0B4E AD56 E574
> > http://seifried.org/security/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists