Message-ID: <Pine.GSO.4.44.0309110946000.24415-100000@troll160.uunet.ca>
From: stephen.perciballi at ca.mci.com (Stephen Perciballi)
Subject: Why does a home computer user need DCOM?

Of course it is possible to disable it.  It really depends on what you're
doing with the OS.  I have an XP workstation that only has remote desktop
running and everything is working fine.


________________________________________________________________
Stephen Perciballi              phone: 1-416-216-5141
Internet Security Specialist    cell : 1-416-877-1808
MCI			        pager: sperciba-pager@...mci.com
www.mci.com/ca                  24/7 : 1-888-886-3865

On Thu, 11 Sep 2003, Jean-Baptiste Marchand wrote:

> * *Hobbit* <hobbit@...an.org> [10/09/03 - 13:31]:
>
> > Once again, I wouldn't mind a way to turn off *ALL* the RPC stuff,
> > including the RPC service itself, without paying the price of having
> > almost everything I do afterward just sit there and stupidly wait for it
> > to respond.  A box with it disabled *will* run, just barely, it'll just
> > be sluggish as hell.
>
> It is not really possible to disable the rpcss service (a.k.a _Remote
> Procedure Call (RPC)), probably because a Windows NT system heavily uses
> Local Procedure Calls (ncalrpc transport), which happen to be handled by
> the rpcss service.
>
> To close port 135 (tcp and udp), used among other things by the MSRPC
> endpoint mapper, you have to minimize Windows services, i.e. stop all
> services that register RPC services.
>
> > Or at the very least a way to run it so it doesn't listen on a socket
> > bound to *.  How 'bout localhost-only, or the equivalent of unix-domain
> > pipes, or *something* to keep it insulated from the network??
>
> It is possible to bind RPC services to a specific network interface, for
> example the loopback interface (127.0.0.1). This technique works on
> Windows 2000 but not for all RPC services (however, it works for port
> 135).
>
> For more information, see the _RPC Services_ of our _Minimizing Windows
> network services_ paper:
>
> http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
>
>
> > How 'bout the same for SMB/tcp 445?
>
> Port 445 is opened by the NetBT driver (thus in kernel-mode) and is
> always bound to 0.0.0.0 because it was designed as a global device:
>
> http://www.hsc.fr/ressources/presentations/sambaxp2003/slide4.html
>
> If you don't need SMB/CIFS at all, the easiest way to close port 445
> (tcp and udp) is to disable the NetBT driver. You can also set the
> SmbDeviceEnabled registry value to 0. This is also described in our
> minimization paper (_CIFS over TCP_ section).
>
>
> PS: thanks for netcat and your _CIFS: Common Insecurities Fail Scrutiny_
> paper!
>
> Jean-Baptiste Marchand
> --
> Jean-Baptiste.Marchand@....fr
> HSC - http://www.hsc.fr/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
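An added audit script (not part of the thread or of the HSC paper) that checks the points discussed above on the local host: whether tcp/udp 135 and 445 are listening and on which address (0.0.0.0 versus a single interface such as 127.0.0.1), the state of the NetBT driver, and the SmbDeviceEnabled value. It assumes a current Windows host with the NetTCPIP module, and the registry path under NetBT\Parameters is an assumption the thread itself does not spell out.

```powershell
# Added example: audit the exposure discussed in the thread. Not code from the thread.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection, Get-NetUDPEndpoint).
$ports = 135, 445

# TCP listeners on 135 (MSRPC endpoint mapper) and 445 (direct-hosted SMB)
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    ForEach-Object {
        $proc  = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $scope = if ($_.LocalAddress -in @('0.0.0.0', '::')) { 'ALL interfaces' }
                 else { 'bound to ' + $_.LocalAddress }
        'tcp/{0} listening ({1}) owner PID {2} ({3})' -f $_.LocalPort, $scope,
            $_.OwningProcess, $proc.ProcessName
    }

# UDP endpoints on the same ports (the thread mentions 135/udp and 445/udp too)
Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $ports -contains $_.LocalPort } |
    ForEach-Object { 'udp/{0} bound to {1}' -f $_.LocalPort, $_.LocalAddress }

# NetBT is a kernel driver, so query it as a system driver rather than a service
$netbt = Get-CimInstance Win32_SystemDriver -Filter "Name='NetBT'"
if ($netbt) { 'NetBT driver: state={0} startmode={1}' -f $netbt.State, $netbt.StartMode }
else        { 'NetBT driver: not present' }

# SmbDeviceEnabled (0 = direct-hosted SMB on 445 disabled). Key path is an assumption.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$val = (Get-ItemProperty -Path $key -Name SmbDeviceEnabled -ErrorAction SilentlyContinue).SmbDeviceEnabled
if ($null -eq $val) { 'SmbDeviceEnabled: not set (default, SMB device enabled)' }
else                { "SmbDeviceEnabled: $val" }
```

Run it from an elevated prompt so the owning process of each listener can be resolved; a port 445 listener normally belongs to PID 4 (System), as expected for a kernel-mode binding.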

