Message-ID: <.195.64.48.19.1060857383.squirrel@lupetto.mine.nu>
From: daniele at muscetta.com (Daniele Muscetta)
Subject: ISS Security Brief: 'MS Blast' MSRPC DCOM Worm Propagation (fwd)
Sorry, Errata on my words:
> On its own it is harmful.
I MEANT: "IT IS *NOT* HARMFUL."
Daniele
>> svchost.exe listens on several ports on Windows XP.
>> If Microsoft is saying that it should never be on the
>> internet, couldn't there be more b0f's discovered in
>> the future? One peculiar service "DNS Client",
>> although listening on a few random ports just about
>> 1024, also runs off of svchost.exe.
>
> svchost is a "wrapper" for services that work as DLLs instead of being
> implemented with their own .EXE.
> On its own it is harmful.
>
> It is RPC which should not listen on the internet. It's a very different
> matter.
>
> Anyway, "DNS Client" is the DNS RESOLVER, that component that queries
> the DNS for you... and it does not listen, as far as I know.
> It opens, of course, dynamic ports >1024 as SOURCE ports, to talk to the DNS
> server on target port 53... what would you expect it to do otherwise?
>
> It also implements the dynamic record registration for DDNS, so it
> REGISTERS the address of the client on the server (if instructed to do
> so, and if the server supports it).
>
>
> ...if you don't want it, you might even want to remove resolv.conf from
> your Linux box.... since it might be just as harmful..... :)
>
>
> Daniele
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
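
The source-port behaviour discussed in this thread, as an added example that is not part of the original message: a UDP client gets a dynamic local port above 1024 that is bound like any other endpoint, which is why port listings show it next to real services. Assumptions: a loopback socket on an arbitrary free port stands in for the DNS server (real DNS uses port 53), the client uses a connected UDP socket (not a claim about how the Windows DNS Client is implemented), and all payloads are constructed.

```python
import socket

LOOPBACK = "127.0.0.1"

def stub_resolver_exchange(timeout=0.5):
    """Run one query/answer over loopback UDP and report what each side saw."""
    # Stand-in for the DNS server. Port 0 asks the OS for any free port;
    # a real server would sit on 53 (assumption made for this example only).
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind((LOOPBACK, 0))
    server.settimeout(timeout)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    stranger = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # connect() on UDP sends nothing: it fixes the peer address and makes
        # the kernel assign a dynamic local (source) port to the client.
        client.connect(server.getsockname())
        source_port = client.getsockname()[1]
        client.send(b"constructed query")

        _, peer = server.recvfrom(512)
        # A third socket sends to the client's source port, as it would to
        # a service that really was listening there.
        stranger.sendto(b"unsolicited", (LOOPBACK, source_port))
        server.sendto(b"constructed answer", peer)

        # Collect everything the client socket is handed until it goes quiet.
        received = []
        while True:
            try:
                received.append(client.recv(512))
            except socket.timeout:
                break
        return {
            "source_port": source_port,
            "port_seen_by_server": peer[1],
            "received": received,
        }
    finally:
        for s in (server, client, stranger):
            s.close()

if __name__ == "__main__":
    print(stub_resolver_exchange())
```

Only the answer from the connected peer reaches the client; the datagram from the third socket is discarded by the kernel even though the port appears as a bound UDP endpoint.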