[fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
From: Jeremiah Cornelius (jeremiah_at_nur.net)
Date: 08/01/03
- Previous message: Roger Marquis: "Re: [fw-wiz] summary of PhD programs"
- Next in thread: Paul Robertson: "Re: [fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors"
- Reply: Paul Robertson: "Re: [fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <firewall-wizards@honor.icsalabs.com>, <firewalls@securityfocus.com> Date: Fri, 1 Aug 2003 12:15:32 -0700
----- Original Message -----
From: "Jeremiah Cornelius" <jeremiah@nur.net>
To: "Bryan K. Watson" <bwatson@nettracers.com>;
<full-disclosure@lists.netsys.com>
Sent: Friday, August 01, 2003 12:02 PM
Subject: Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
> <snip>
>
> > > Because 9 times out of 10 port 135 is blocked by some sort of
firewall,
> > > whilst port 80 is not blocked on a web server.
> >
> > Not telecommuters on dial-up IP's and Blue-Toothed into the net thru
> > their Ericsson phones, and surfing from the airport and WIFI cafes of
the
> > world.
> </snip>
>
> Bluetooth phones as modems! I have been calling on this issue for some
> time, and generally received a dismissive response from System
> Administrators and IT management. No one wants the work load or
> responsibility this entails. I suppose that if you don't acknowledge the
> problem's existence, you can't be faulted for lack of due care! If they
> keep their heads in the sand long enough, somebody is going to find out
> what Ostrich meat tastes like...
>
> As this technology becomes more prevalent over the next 2 years or so, you
> can kiss your idea of perimeter goodbye. A better argument for 'defence
in
> depth' and 'crunchy centers' could not be made. All hosts should be
handled
> as if they were accessible from untrusted segments - they soon will be, if
> they are not already.
>
> This is just the technology we already have on hand. Remote, mobile, FAST
> communications technologies are springing up like weeds. Bluetooth
scanning
> is inherently more problematic than looking for a rogue WiFi AP. The
> technology is mobile, VERY short range/low power, and has legitimate
> business use on multi-function devices. You can't expect to wrap your
> building in a Faraday cage - there is no way to gatekeep this. It will
> have to be a condition we adapt ourselves to deal with. Begin with
hardened
> hosts. Even marketroid laptops. Ultimately, something like mutual host
> authentication/authorization is going to be needed everywhere on the
> inside - but it's obviously not a cure-all. If my laptop is a router for
my
> phone, which is a router for kiddeez... Kiddee is authed to my server.
>
> It's gonna' be a fun ride, and the best is yet to come!
>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Roger Marquis: "Re: [fw-wiz] summary of PhD programs"
- Next in thread: Paul Robertson: "Re: [fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors"
- Reply: Paul Robertson: "Re: [fw-wiz] Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
