Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)

From: Ron DuFresne (dufresne_at_winternet.com)
Date: 07/27/03

  • Next message: exceed: "[Full-Disclosure] dcom-win32" 
    To: Chris Paget <chrisp@ngssoftware.com>
Date: Sat, 26 Jul 2003 22:29:56 -0500 (CDT)

    >
    > Len,
    >
    > IMHO there's a difference between "security through obscurity" and posting
    > working exploit code. Knowing that there is a vulnerability in DCOM, accessible
    > over a range of RPC mechanisms (primarily 135/tcp) is all that most
    > administrators need to know. It's one thing knowing that you can kill a person
    > with a gun, and it's another to give away firearms.
    >

            [SNIP]

    I'm just trying to understand how corporate networks would/should be at
    risk with this, why port 135 would not be filtered already limiting
    exposure. Is there a reason why it would not be that I'm missing? The
    main exposure seems to be the home users not aware of why certain services
    and ports should be properly configured and/or filtered. The gartner
    group seems to have come to this conclusion, one of their better
    statements in the recent past:

    <quote>
    SECURITY WIRE DIGEST, VOL. 5, NO. 55, JULY 24, 2003
    ...
    *GARTNER URGES PERSONAL FIREWALLS FOR MICROSOFT FLAWS
    Research firm Gartner Group is urging corporations to consider using
    personal firewalls on all desktop and notebook computers connected to
    networks to hedge against the steady stream of Microsoft vulnerabilities.

    Gartner says applying all the necessary patches to address the dozen
    "critical" alerts that Microsoft released between January and June would
    take most enterprises at least six months. "And more desktop
    vulnerabilities will be discovered in the near future," says Gartner VP
    John Pescatore.

    While implementing and maintaining personal firewalls will amount to a
    substantial cost of as much as $150 per machine, Pescatore says they will
    help protect individual devices--particularly those used by remote
    workers--from the type of executable attacks that are becoming more
    popular.

    Pescatore says the Internet Connection Firewall built into Windows XP
    isn't sufficient protection because it blocks only incoming connections.
    Enterprise firewalls should also be outfitted with URL blocking products
    that filter out URLs known to be sources of attacks.
    http://www3.gartner.com/resources/116100/116197/116197.pdf
    </quote>

    It seems more and more folks in the industry are coming to the conclusion
    that maintaining patched systems is an overwhelming job, and that the best
    mitigation is filtering at the gateway in the various forms that can be
    accomplished. This still leaves the average home user in a rut, since
    most lack the basic knowledge of the consquesnces of not filtering out the
    nasty cruft from the benighn, let alone the skills to recognise such. It
    would be nice to see other vendors step up to Dell's recent announcement
    to start shipping systems with a more secure 'default' install, and
    perhaps find a way to expand upon that shipping systems with a personal
    firewalling system capablle of providing a safer networking setup out of
    the box for joe average websurfer. Until the environment changes as
    regards those vendors releasing code/applications/OS', then the best we
    have at present is those vendors shipping the systems to the endusers.

    Thanks,

    Ron DuFresne
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity. It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
            ***testing, only testing, and damn good at it too!***

    OK, so you're a Ph.D. Just don't touch anything.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: exceed: "[Full-Disclosure] dcom-win32"

    Relevant Pages

    • Re: Zonealarm / Email
      ... a filtering router or something like that _can_ eliminate some attack ... if home user's box is offering network servers, ... The "Personal Firewalls" I know all are doing a very bad job, ... of Kerio) even are opening additional attack vectors. ...
      (comp.security.firewalls)
    • Re: What are these vulnerabilities caused by personal firewalls?
      ... What exactly are the vulnerabilities created by installing personal ... Security needs to be reliable. ... some application traffic without the reliability requirement: ... services are and I think to myself, "if these personal firewalls have ...
      (comp.security.firewalls)
    • Quantcast