Re: RPC Scan Issues

From: Joshua Levitsky (jlevitsk_at_joshie.com)
Date: 10/15/03

  • Next message: Laura A. Robinson: "RE: RPC Scan Issues"
    Date: Wed, 15 Oct 2003 13:15:48 -0400
    To: Jared Ingersoll <jared@cswv.com>
    
    

    On Oct 14, 2003, at 3:55 PM, Jared Ingersoll wrote:

    > Could you explain please how you would go about exploiting this with the
    > appropriate service port behind a firewall? Or is a DMZ compromise a
    > prerequisite?

    Here's an example. Let us say you have laptops. The laptops leave the
    building and become infected while dialed up to MSN or while using the
    wireless at Starbucks.

    The laptop returns to the building. If it is a blaster type exploit
    then it will begin to infect machines.

    If the next author of a blaster style virus is smart then they will
    make a slower attack method so it won't be noticed at first, and then
    over time the attack will speed up until you reach DDoS levels.

    Another method of infection I have seen is if you use AOL over TCP/IP
    or some other service where you basically VPN in with the client then
    you are open to attack by that other network. Your machine then can
    attack your own network after that.

    -Josh

    --
    Joshua Levitsky, CISSP, MCSE
    System Engineer
    AOL Time Warner
    [5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]
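
The slow-then-accelerating spread described in the message above can be looked for in internal flow logs. The following is an added example, not part of the original post: it flags internal hosts whose number of distinct peers on TCP 135 (the RPC endpoint mapper port Blaster scanned) rises window after window. The flow tuple format, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict

RPC_PORT = 135   # TCP port of the RPC endpoint mapper
WINDOW = 3600    # seconds per bucket (assumed value)

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # Returning laptop: distinct RPC peers double each hour (2, 4, 8, 16).
    for hour, n in enumerate([2, 4, 8, 16]):
        for i in range(n):
            flows.append((hour * 3600 + i * 10, "10.0.5.23",
                          f"10.0.{hour}.{i + 1}", RPC_PORT))
    # Management server: talks to the same three hosts every hour.
    for hour in range(4):
        for i in range(3):
            flows.append((hour * 3600 + i, "10.0.1.10",
                          f"10.0.9.{i + 1}", RPC_PORT))
    # Unrelated web traffic, ignored by the port filter.
    flows.append((100, "10.0.5.23", "10.0.9.9", 80))
    return flows

def fanout_per_window(flows, port=RPC_PORT, window=WINDOW):
    """Return {src: {window_index: set of destinations contacted on port}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for ts, src, dst, dport in flows:
        if dport == port:
            seen[src][ts // window].add(dst)
    return seen

def ramping_sources(flows, min_windows=3, min_total=10):
    """Flag sources whose per-window fan-out strictly rises across at least
    min_windows active windows and whose distinct peers total min_total or more.
    Windows with no traffic from a source are skipped, not counted as zero."""
    flagged = {}
    for src, windows in fanout_per_window(flows).items():
        counts = [len(windows[w]) for w in sorted(windows)]
        total = len(set().union(*windows.values()))
        rising = all(b > a for a, b in zip(counts, counts[1:]))
        if len(counts) >= min_windows and rising and total >= min_total:
            flagged[src] = counts
    return flagged

if __name__ == "__main__":
    for src, counts in ramping_sources(build_sample_flows()).items():
        print(f"{src}: distinct RPC peers per hour {counts}")
```

A fixed per-hour alert threshold set above 16 peers would never fire on the constructed laptop, while the trend check flags it from its low early counts.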
