Re: [Full-Disclosure] Cox is blocking port 135 - off topic

From: harq deman (harqman_at_btopenworld.com)
Date: 08/11/03

  • Next message: Jack Whitsitt (jofny): "Re: [Full-Disclosure] phpWebSite SQL Injection & DoS & XSS Vulnerabilities"
    To: <full-disclosure@lists.netsys.com>
    Date: Mon, 11 Aug 2003 20:06:15 +0100
    
    

    MS realise that they are about to be firewalled by every ISP that cares
    about its client base, and are now stating that you shouldn't have been
    using their product on a public network in the first place. I don't
    remember hearing this before, though, and if they knew this why isn't ICF
    enabled as default as part of their internet connection wizardry?

    Hindsight is always 20/20.
    --harq
    ----- Original Message -----
    From: "Joey" <joey2cool@yahoo.com>
    To: <full-disclosure@lists.netsys.com>
    Sent: Monday, August 11, 2003 7:31 PM
    Subject: Re: [Full-Disclosure] Cox is blocking port 135 - off topic

    > Microsoft says - "To exploit this vulnerability, the
    > attacker must be able to send a specially crafted
    > request to port 135, port 139, port 445, or any other
    > specifically configured RPC port on the remote
    > computer. For intranet environments, these ports are
    > typically accessible, but for Internet-connected
    > computers, these ports are typically blocked by a
    > firewall."
    >
    > But since those are different services(SMB, DCOM,
    > Netbios), wouldnt you need to send an entirely
    > different packet? it sounds impossible to use the same
    > exploit on multple protocols.
    >
    > Port 80 is not an attack vector -
    > "RPC over UDP or TCP is not intended to be used in
    > hostile environments, such as the Internet. More
    > robust protocols, such as RPC over HTTP, are provided
    > for hostile environments."
    > http://support.microsoft.com/?kbid=823980
    >
    > Microsoft is saying RPC over UDP or TCP shouldnt be
    > used on the internet and you need a firewall to block
    > the ports anyway. I guess they aren't keeping their
    > new promise for security seriously.
    >
    > --- roman.kunz@juliusbaer.com wrote:
    > > hi list,
    > >
    > > i tried all different DCOM RPC sploit's i could find
    > > (from the very
    > > beginning till the newest versions).
    > > i couldn't find any succesfully working on other
    > > ports then 135.
    >
    > __________________________________
    > Do you Yahoo!?
    > Yahoo! SiteBuilder - Free, easy-to-use web site design software
    > http://sitebuilder.yahoo.com
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Jack Whitsitt (jofny): "Re: [Full-Disclosure] phpWebSite SQL Injection & DoS & XSS Vulnerabilities"

    Relevant Pages

    • Re: Webserver, DMZ, ports questions
      ... Internet accesible services like SMTP have a seperate ... DMZ or a third interface in the firewall. ... As far as source / destination ports goes. ... from the internet to my web server, ...
      (Focus-Microsoft)
    • Re: statefull inspection FW and hackers
      ... Stateful inspection can be best understood with security zones/level. ... most of the firewall dont allow anything to come from low ... This would mean that if internal user accesses internet ... In turn that will give to the attacker a way to understand what ports ...
      (Security-Basics)
    • Re: FIREWALL- worth the effort ?
      ... I only use internet intermitently and "pull the plug out" ... Do you have a home Cable/DSL Router? ... forward any ports from the outside world to your Macthrough ... The other function of a firewall is to prevent out bound ...
      (comp.sys.mac.system)
    • Re: Adding Programs w/ActiveSync 3.7
      ... > would be granted access to the internet. ... my firewall typically advises me that software is ... Activesync uses certain ports to communicate with the Pocket PC. ... install the software... ...
      (microsoft.public.pocketpc.activesync)
    • Re: Firewall Windows 2003 Server SP1
      ... Ich mach einfach SMB, RPC, LDAP, etc zu, dann kann mich keiner ... Ich meinte eigentlich das hier bzgl. der dynamischen Ports bezogen auf die ... In früheren Windows-Versionen wurde die RPC-Kommunikation von der Windows ... Firewall blockiert. ...
      (microsoft.public.de.german.windows.server.networking)