Open Source and information security mailing list archives
 
Message-ID: <.195.64.48.19.1060854475.squirrel@lupetto.mine.nu>
From: daniele at muscetta.com (Daniele Muscetta)
Subject: ISS Security Brief: 'MS Blast' MSRPC DCOM Worm Propagation (fwd)

> svchost.exe listens on several ports on Windows XP.
> If Microsoft is saying that it should never be on the
> internet, couldn't there be more b0f's discovered in
> the future? One peculiar service "DNS Client",
> although listening on a few random ports just about
> 1024, also runs off of svchost.exe.

svchost is a "wrapper" for services that work as DLLs instead of being
implemented with their own .EXE.
On its own it is harmful.

It is RPC which should not listen on the internet. It's a very different
matter.

Anyway, "DNS Client" is the DNS RESOLVER, the component that queries the
DNS for you... and it does not listen, as far as I know.
It opens of course dynamic ports >1024 as SOURCE ports, to talk to the DNS
server on target port 53... what would you expect it to do otherwise?

It also implements the dynamic record registration for DDNS, so it
REGISTERS the address of the client on the server (if instructed to do so,
and if the server supports it).


...if you don't want it, you might even want to remove resolv.conf from
your Linux box.... since it might be just as harmful..... :)


Daniele
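
Added example, not part of the original message: a small parser that separates reachable TCP listeners (such as the RPC endpoint mapper on TCP 135) from bound UDP dynamic ports of the kind a DNS resolver uses as source ports. The sample rows are constructed in the layout of Windows `netstat -ano` output, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of Windows `netstat -ano` (not from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1052
  TCP    192.0.2.10:1044        198.51.100.5:80        ESTABLISHED     1720
  UDP    0.0.0.0:1026           *:*                                    1052
  UDP    192.0.2.10:123         *:*                                    1052
"""

# proto, local addr, local port, foreign addr, optional TCP state, PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")

def classify(text):
    """Return (proto, addr, port, pid, kind) for each socket row."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state, pid = m.groups()
        port, pid = int(port), int(pid)
        loopback = addr.startswith("127.") or addr == "[::1]"
        if proto == "TCP":
            if state != "LISTENING":
                kind = "connection"  # an existing flow, not a listener
            else:
                kind = "local-listener" if loopback else "reachable-listener"
        else:
            # UDP has no LISTEN state: every bound socket is listed, including
            # the dynamic source port a client uses for its outgoing queries.
            kind = "udp-dynamic-port" if port > 1024 else "udp-service-port"
        out.append((proto, addr, port, pid, kind))
    return out

def reachable_rpc(rows):
    """PIDs holding a non-loopback TCP listener on 135 (RPC endpoint mapper)."""
    return sorted({pid for _p, _a, port, pid, kind in rows
                   if kind == "reachable-listener" and port == 135})

if __name__ == "__main__":
    rows = classify(SAMPLE)
    for row in rows:
        print(row)
    print("RPC reachable via PIDs:", reachable_rpc(rows))
```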




