Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)

From: Blue Boar (BlueBoar_at_thievco.com)
Date: 07/27/03

    To: security snot <booger@unixclan.net>
    Date: Sun, 27 Jul 2003 13:00:38 -0700
    
    

    security snot wrote:

    > I don't understand how having any of the
    > poorly written public exploits for this vulnerability will help in the
    > securing process in any way. Unless you mean that the threat of a worm is
    > more realistic because now hackers, along with security professionals,
    > both have access to some form of exploits they can use to create a worm
    > with, and this threat is enough to convince Asian nations to update all
    > their machines.
    >
    > Other than that, could you please explain how the distribution of such
    > materials actually will "help prepare", as you say, for the upcoming worm?

    Troll though this may be, I'll go ahead and answer for the benefit of anyone
    else who might have been curious about the same thing.

    There's a decent chance the work will be based on an existing exploit. If
    one has made any effort (IDS rules, etc) to detect the exploit, then they
    will be prepared for the worm as well.

    What kinds of evidence does the exploit leave behind? If one can try the
    exploit(s), then they can determine what an exploited machine looks like.

                                                    BB

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

