[fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

From: Jeremiah Cornelius (jeremiah_at_nur.net)
Date: 08/01/03

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"
    To: <firewall-wizards@honor.icsalabs.com>, <firewalls@securityfocus.com>
    Date: Fri, 1 Aug 2003 12:15:32 -0700
    
    

    ----- Original Message -----
    From: "Jeremiah Cornelius" <jeremiah@nur.net>
    To: "Bryan K. Watson" <bwatson@nettracers.com>;
    <full-disclosure@lists.netsys.com>

    Sent: Friday, August 01, 2003 12:02 PM
    Subject: Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

    > <snip>
    >
    > > > Because 9 times out of 10 port 135 is blocked by some sort of
    firewall,
    > > > whilst port 80 is not blocked on a web server.
    > >
    > > Not telecommuters on dial-up IP's and Blue-Toothed into the net thru
    > > their Ericsson phones, and surfing from the airport and WIFI cafes of
    the
    > > world.
    > </snip>
    >
    > Bluetooth phones as modems! I have been calling on this issue for some
    > time, and generally received a dismissive response from System
    > Administrators and IT management. No one wants the work load or
    > responsibility this entails. I suppose that if you don't acknowledge the
    > problem's existence, you can't be faulted for lack of due care! If they
    > keep their heads in the sand long enough, somebody is going to find out
    > what Ostrich meat tastes like...
    >
    > As this technology becomes more prevalent over the next 2 years or so, you
    > can kiss your idea of perimeter goodbye. A better argument for 'defence
    in
    > depth' and 'crunchy centers' could not be made. All hosts should be
    handled
    > as if they were accessible from untrusted segments - they soon will be, if
    > they are not already.
    >
    > This is just the technology we already have on hand. Remote, mobile, FAST
    > communications technologies are springing up like weeds. Bluetooth
    scanning
    > is inherently more problematic than looking for a rogue WiFi AP. The
    > technology is mobile, VERY short range/low power, and has legitimate
    > business use on multi-function devices. You can't expect to wrap your
    > building in a Faraday cage - there is no way to gatekeep this. It will
    > have to be a condition we adapt ourselves to deal with. Begin with
    hardened
    > hosts. Even marketroid laptops. Ultimately, something like mutual host
    > authentication/authorization is going to be needed everywhere on the
    > inside - but it's obviously not a cure-all. If my laptop is a router for
    my
    > phone, which is a router for kiddeez... Kiddee is authed to my server.
    >
    > It's gonna' be a fun ride, and the best is yet to come!
    >

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"

    Relevant Pages

    • Re: IP GAPPING - Tricky one
      ... port scan, which came back with zero ports open. ... So I guess its kind of like a stateful firewall ... >> "IP Gap Technology ensures access to the connected ... >> computer system is disabled as it creates a virtual GAP ...
      (microsoft.public.win2000.security)
    • [fw-wiz] GIDS, Intrusion Prevention: A Firewall by Any Other Name
      ... intrusion detection pattern matching rules to the content they see ... To me, this is a firewall. ... I am *not* criticizing the technology. ... proprietary "intrusion prevention" technologies (i.e. I've forgotten the ...
      (Firewall-Wizards)
    • Re: what should I do when....
      ... My initial reaction to this is that you should block all IP addresses belonging to that company *if* you do not need to communicate with them via the internet. ... My secondary reaction is to tell you not to advertise what sort of technology you are using in public forum. ... firewall logs, from a specific ip based in Canada, the log is showing a ... Although the good thing is that the firewall is detecting them therefore stopping them, I'm getting worried of hacker activity, I've already done ip lookup, and dns whois query both of those point to ip and host in Canada it seems to be a company as I got their public website and also private network.....could anyone advice me what's the proper course of actions in this case?.... ...
      (Security-Basics)
    • Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?)
      ... I think what you meant is the SOCKS firewall. ... somebody enlighten us with this technology in a layman ... FREE Network Security Webinar - How to implement IPSec security into VPN appliances ... Join the security experts from SafeNet on August 26 at 1:00 PM, and learn how to successfully integrate IPSec security into VPN processors and appliances to provide powerful yet cost-effective VPN solutions for your customers. ...
      (Focus-IDS)