Re: .Net Server and 'taskkill'

From: Mike Coppins (mike@legolas.com)
Date: 08/14/02 

Date: Wed, 14 Aug 2002 00:35:15 +0100
To: focus-ms@lists.securityfocus.com
From: Mike Coppins <mike@legolas.com>

At 13/08/2002 14:18, Alan J. Raveling wrote:
>The latest versions of Microsoft's Server OSes .NET come with a command
>feature that already exists in XP 'taskkill' This handy little command
>allows one to remotely kill the task if one knows the name of the task by
>simply providing a sufficient username and password. Now what can I do to
>prevent an attack against my servers from some user out there who would
>create a program to just keep feeding taskkill commands to the server until
>it kills a process?

There are plenty of 'kill app' programs written already for Windows, the
best one I've used is from sysinternals.com, pskill. There are a load of
other freely downloadable programs you can find there.

Programs like this use RPC (remote procedure call) in order to be able to
talk to the remote machine. With Windows the Server service is used to
receive the request. However, authentication is required to actually kill
a task, and the appropriate privileges (admin privs) are also required.

On say a webserver facing the outside world, even with firewalling in
place, I would not put your trust in the Server service keeping out attacks
on Windows networking, stopping the service is a wise precaution.

Stopping the service obviously has implications. You can't create or
connect to any shares on the machine you stop the service on*.

This is the tip of the iceberg regarding improvement on the security of a
Windows box.

* - (amongst other things, many of which can be categorised under the
heading "Why the heck should that affect that?", to which Microsoft shrug
back at you in their support articles :-)) 

-- 
Mike Coppins
mike@legolas.com
http://www.legolas.com/

Relevant Pages

  • Re: SBS 2008 Slow Network Performance with Windows XP Clients
    ... this direction since both the server NIC and the ... workstation NICs are Intel (actually that's not strictly true, ... Server 2007 Service Pack 2 on a Windows Small Business Server ... in the results, right-click Command Prompt, and then ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2008 Slow Network Performance with Windows XP Clients
    ... this direction since both the server NIC and the ... Server 2007 Service Pack 2 on a Windows Small Business Server ... in the results, right-click Command Prompt, and then click ... User account does not show in the Windows SBS Console: ...
    (microsoft.public.windows.server.sbs)
  • RE: Migrating from Win2k DCs to Win2k3 DCs; ADPrep question
    ... Windows Server 2003 CD, we need to confirm the following things in Q314649 ... Exchange 2000 Schema Changes Are Installed Before You Run the ... Windows Server 2003 adprep /forestprep Command ...
    (microsoft.public.windows.server.migration)
  • Re: dcdiag - advertising errors on newley promoted domain controller
    ... Can you do the following on uksccmads01 ... The problem may actually have nothing to do with the new server but the ... From a command prompt try and see if you get any additional info ... Skipping site UK-CCM, this site is outside the scope ...
    (microsoft.public.windows.server.active_directory)
  • Re: dcdiag - advertising errors on newley promoted domain controller
    ... Can you do the following on uksccmads01 ... The problem may actually have nothing to do with the new server but the ... Active Directory Forest Replication GUIDs Found: ... From a command prompt try and see if you get any additional info ...
    (microsoft.public.windows.server.active_directory)