RE: RPC Scan Issues
From: Thaddeus McNamara (tk_at_coast-radio.com)
Date: 10/14/03
To: "'larobins@bellatlantic.net'" <larobins@bellatlantic.net>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Tue, 14 Oct 2003 12:25:32 -0700
First, let me say thank you for the quick response, Laura. Secondly, my
S.O.P. on firewall security is EVERYTHING is blocked unless I MUST have it
open...25, 80, and Citrix (1494). I even have a few blocked going out for
SoBig and Port 5000.
I see from your earlier responses to Win2k Hardening that we all need to do
the basics and wait for a new patch. I guess my next concern is, should we
take the time to follow the "workarounds" listed in MS03-039? -->
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-039.asp).
Then follow up with patch verification on every
machine? (I guess we should be doing that at the time we install the patch,
huh?) Or should we just rely on our firewalls and the knowledge we have
already patched (almost) everything?
Looking to spend my time wisely...
Thadd
-----Original Message-----
From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
Sent: Tuesday, October 14, 2003 10:48 AM
To: 'Thaddeus McNamara'; focus-ms@securityfocus.com
Subject: RE: RPC Scan Issues
> After reading there's yet another RPC exploit code in the
> wild, I double checked my LANs with both the MS DCOM scanner
> (KB824146Scan) and the Retina RPC DCOM scanner and got very
> different results. A few of the machines I know are NOT
> patched and others are Fully patched.
>
> 1. Is it possible they aren't patched properly?
Yes. It's also possible that you are getting false positives.
> 2. Should I be getting such different results?
Ideally, no. Realistically, it happens.
> 3. Should I or can I turn off RPC?
No.
> 4. Will the firewall be enough?
No, but that doesn't mean you shouldn't configure it to block incoming
traffic on appropriate ports.
Laura