Re: RPC Scan Issues

From: Joshua Levitsky (jlevitsk_at_joshie.com)
Date: 10/15/03

  • Next message: Laura A. Robinson: "RE: RPC Scan Issues"
    Date: Wed, 15 Oct 2003 13:15:48 -0400
    To: Jared Ingersoll <jared@cswv.com>
    
    

    On Oct 14, 2003, at 3:55 PM, Jared Ingersoll wrote:

    > Could you explain please how you would go about exploiting this with
    > the
    > appropriate service port behind a firewall? Or is a DMZ compromise a
    > prerequisite?

    Here's an example. Let us say you have laptops. The laptops leave the
    building and become infected while dialed up to MSN or while using the
    wireless at Starbucks.

    The laptop returns to the building. If it is a blaster type exploit
    then it will begin to infect machines.

    If the next author of a blaster style virus is smart then they will
    make a slower attack method so it won't be noticed at first, and then
    over time the attack will speed up until you read DDoS levels.

    Another method of infection I have seen is if you use AOL over TCP/IP
    or some other service where you basically VPN in with the client then
    you are open to attack by that other network. Your machine then can
    attack your own network after that.

    -Josh

    --
    Joshua Levitsky, CISSP, MCSE
    System Engineer
    AOL Time Warner
    [5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]
    ---------------------------------------------------------------------------
    FREE Whitepaper: Better Management for Network Security
    Looking for a better way to manage your IP security?
    Learn how Solsoft can help you:
    - Ensure robust IP security through policy-based management
    - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    networks
    - Quickly respond to network events from a central console
    Download our FREE whitepaper at:
    http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015 
    ---------------------------------------------------------------------------
    

  • Next message: Laura A. Robinson: "RE: RPC Scan Issues"