[fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

From: Jeremiah Cornelius (jeremiah_at_nur.net)
Date: 08/01/03

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"
    To: <firewall-wizards@honor.icsalabs.com>, <firewalls@securityfocus.com>
    Date: Fri, 1 Aug 2003 12:15:32 -0700
    
    

    ----- Original Message -----
    From: "Jeremiah Cornelius" <jeremiah@nur.net>
    To: "Bryan K. Watson" <bwatson@nettracers.com>;
    <full-disclosure@lists.netsys.com>

    Sent: Friday, August 01, 2003 12:02 PM
    Subject: Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

    > <snip>
    >
    > > > Because 9 times out of 10 port 135 is blocked by some sort of
    firewall,
    > > > whilst port 80 is not blocked on a web server.
    > >
    > > Not telecommuters on dial-up IP's and Blue-Toothed into the net thru
    > > their Ericsson phones, and surfing from the airport and WIFI cafes of
    the
    > > world.
    > </snip>
    >
    > Bluetooth phones as modems! I have been calling on this issue for some
    > time, and generally received a dismissive response from System
    > Administrators and IT management. No one wants the work load or
    > responsibility this entails. I suppose that if you don't acknowledge the
    > problem's existence, you can't be faulted for lack of due care! If they
    > keep their heads in the sand long enough, somebody is going to find out
    > what Ostrich meat tastes like...
    >
    > As this technology becomes more prevalent over the next 2 years or so, you
    > can kiss your idea of perimeter goodbye. A better argument for 'defence
    in
    > depth' and 'crunchy centers' could not be made. All hosts should be
    handled
    > as if they were accessible from untrusted segments - they soon will be, if
    > they are not already.
    >
    > This is just the technology we already have on hand. Remote, mobile, FAST
    > communications technologies are springing up like weeds. Bluetooth
    scanning
    > is inherently more problematic than looking for a rogue WiFi AP. The
    > technology is mobile, VERY short range/low power, and has legitimate
    > business use on multi-function devices. You can't expect to wrap your
    > building in a Faraday cage - there is no way to gatekeep this. It will
    > have to be a condition we adapt ourselves to deal with. Begin with
    hardened
    > hosts. Even marketroid laptops. Ultimately, something like mutual host
    > authentication/authorization is going to be needed everywhere on the
    > inside - but it's obviously not a cure-all. If my laptop is a router for
    my
    > phone, which is a router for kiddeez... Kiddee is authed to my server.
    >
    > It's gonna' be a fun ride, and the best is yet to come!
    >

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"