[fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
From: Jeremiah Cornelius (jeremiah_at_nur.net)
To: <firstname.lastname@example.org>, <email@example.com>
Date: Fri, 1 Aug 2003 12:15:32 -0700
----- Original Message -----
From: "Jeremiah Cornelius" <firstname.lastname@example.org>
To: "Bryan K. Watson" <email@example.com>;
Sent: Friday, August 01, 2003 12:02 PM
Subject: Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
> > > Because 9 times out of 10 port 135 is blocked by some sort of
> > > whilst port 80 is not blocked on a web server.
> > Not telecommuters on dial-up IP's and Blue-Toothed into the net thru
> > their Ericsson phones, and surfing from the airport and WIFI cafes of
> > world.
> Bluetooth phones as modems! I have been calling on this issue for some
> time, and generally received a dismissive response from System
> Administrators and IT management. No one wants the work load or
> responsibility this entails. I suppose that if you don't acknowledge the
> problem's existence, you can't be faulted for lack of due care! If they
> keep their heads in the sand long enough, somebody is going to find out
> what Ostrich meat tastes like...
> As this technology becomes more prevalent over the next 2 years or so, you
> can kiss your idea of perimeter goodbye. A better argument for 'defence
> depth' and 'crunchy centers' could not be made. All hosts should be
> as if they were accessible from untrusted segments - they soon will be, if
> they are not already.
> This is just the technology we already have on hand. Remote, mobile, FAST
> communications technologies are springing up like weeds. Bluetooth
> is inherently more problematic than looking for a rogue WiFi AP. The
> technology is mobile, VERY short range/low power, and has legitimate
> business use on multi-function devices. You can't expect to wrap your
> building in a Faraday cage - there is no way to gatekeep this. It will
> have to be a condition we adapt ourselves to deal with. Begin with
> hosts. Even marketroid laptops. Ultimately, something like mutual host
> authentication/authorization is going to be needed everywhere on the
> inside - but it's obviously not a cure-all. If my laptop is a router for
> phone, which is a router for kiddeez... Kiddee is authed to my server.
> It's gonna' be a fun ride, and the best is yet to come!
firewall-wizards mailing list