Open Source and information security mailing list archives
 
Message-ID: <Pine.GSO.4.43.0508221031020.9790-100000@tundra.winternet.com>
Date: Mon Aug 22 16:36:21 2005
From: dufresne at winternet.com (Ron DuFresne)
Subject: It's not that simple... [Was: Re: Disney Down?]

On Fri, 19 Aug 2005, Nick FitzGerald wrote:

> fd@...nsci.us to Ron DuFresne:
>
> > > Perhaps it does relate considering the above and considering that the unix
> > > world learned many of the evils of RCP services over ten years ago that
> > > seem to hit the M$ realm every few months, repeatedly...
> >
> > We used to call them rsploits when it was common in unix.  Friends and I
> > had a good chuckle when MS started repeating history, having rsploits of
> > its own.  I would love to deny all port 445 with layer-3 switches but this
> > would be like blocking portmap and expecting NFS to still mount.
> >
> > What have we learned from the past that we can apply to our MS networks,
> > since they have become a (un)necessary evil?  How neutered does an MS
> > workstation become if the RPC port is completely blocked from the outside?
> > Perhaps "mostly harmless" ?
> >
> > What would it take to write an RPC filter to only accept RPCs which we
> > actually care about?  In addition, why is PnP even an RPC accessible from
> > the outside (no, upnp is not a good reason)!?  Most importantly, we need
> > to eliminate the entire RPC attack vector in the future for Microsoft
> > systems -- this is not the first MS rsploit and we will certainly see
> > more.
>
> Why don't folk -- well, sys-admins anyway -- actually take the time to
> bother to learn what their systems do and how they work???
>


Ahh, but this is not an admin issue, it's the vendor's issue.  Was similar
for some time with SUNOS, when trying to disable RPC for production systems
one used to have to twist around sideways while trying to bend over
backwards.  Not the same these days now that SUN has learned the lesson
that M$ is re-propagating with their "we'll do it our way, screw learning
via others' lessons or sticking to standards".  Redmond has been bitten by
these issues in the past few years a number of times and will be bitten
again till they finally learn what took other vendors a while to get the
point on as well.


	[REST SNIPPED]


Thanks,

Ron DuFresne
-- 
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

