lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <.195.64.48.19.1060857383.squirrel@lupetto.mine.nu>
From: daniele at muscetta.com (Daniele Muscetta)
Subject: ISS Security Brief: 'MS Blast' MSRPC DCOM Worm Propagation (fwd)

Sorry, Errata on my words:

> On its own it is harmful.

I MEANT: "IT IS *NOT* HARMFUL."


Daniele




>> svchost.exe listens on several ports on windows xp.
>> If microsoft is saying that it should never be on the
>> internet, couldn't there be more b0f's discovered in
>> the future? One peculiar service "DNS Client",
>> although listening on a few random ports just about
>> 1024, also runs off of svchost.exe.
>
> svchost is a "wrapper" for services that work as DLLs instead of being
> implemented with their own .EXE.
> On its own it is harmful.
>
> It is RPC which should not listen on the internet. It's a very different
> matter.
>
> Anyway, "DNS Client" is the DNS RESOLVER, that component that queries
> the DNS for you... and it does not listen, as far as I know.
> It opens of course dynamic ports >1024 as SOURCE ports, to talk to DNS
> server on target port 53... what would you expect it do otherwise ?
>
> It also implements the dynamic record registration for DDNS, so it
> REGISTERS the address of the client on the server (if instructed to do
> so, and if the server supports it).
>
>
> ...if you don't want it, you might even want to remove resolv.conf from
> your linux box.... since it might be just as harmful..... :)
>
>
> Daniele
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ