Re: RPC Scan Issues

• Previous message: Joshua Levitsky: "Re: RPC Scan Issues"
• In reply to: Jared Ingersoll: "RE: RPC Scan Issues"
• Next in thread: Cosentino, Guilherme V.: "RE: RPC Scan Issues"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Oct 2003 13:15:48 -0400
To: Jared Ingersoll <jared@cswv.com>

On Oct 14, 2003, at 3:55 PM, Jared Ingersoll wrote:

> Could you explain please how you would go about exploiting this with
> the
> appropriate service port behind a firewall? Or is a DMZ compromise a
> prerequisite?

Here's an example. Let us say you have laptops. The laptops leave the
building and become infected while dialed up to MSN or while using the
wireless at Starbucks.

The laptop returns to the building. If it is a blaster type exploit
then it will begin to infect machines.

If the next author of a blaster style virus is smart then they will
make a slower attack method so it won't be noticed at first, and then
over time the attack will speed up until you read DDoS levels.

Another method of infection I have seen is if you use AOL over TCP/IP
or some other service where you basically VPN in with the client then
you are open to attack by that other network. Your machine then can
attack your own network after that.

-Josh

--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015 
---------------------------------------------------------------------------

• Previous message: Joshua Levitsky: "Re: RPC Scan Issues"
• In reply to: Jared Ingersoll: "RE: RPC Scan Issues"
• Next in thread: Cosentino, Guilherme V.: "RE: RPC Scan Issues"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Dynamic Firewall/IDS System ... > (firewall, IDS, etc.) and reacting appropriately could be a good thing. ... > I don't think this is a description of snort. ... the network guys from the colo -- that they get or got attacked. ... we deploy packet filter log rules that indicate the attack. ... (FreeBSD-Security) Re: Neither, buy a router. ... router for a home network? ... Would I still need a software firewall too? ... broadband-capable Virtual Private Network firewall is a true ... spoofing, land attack, tear drop attack, IP address sweep attack, Win Nuke ... (comp.security.firewalls) Re: Networking Desktops and wireless laptops ... two ports on a netgear wirelesss router. ... The desktops also cannot see the laptops. ... Have run the setup and kept MSHOME as network name - what am I missing ... This is most commonly caused by a misconfigured firewall. ... (microsoft.public.windowsxp.network_web) Re: Can I protect myself against network attacks? ... > I guess that was one purpose of the attack. ... > had happened if you just used the SP2 firewall which does not warn you ... back, I've seen the firewall crash before my eyes, without warning. ... network attacks, or trojans. ... (comp.security.firewalls) Re: NAT and firewall question ... > I have setup my network so that there is a firewall with NAT enabled. ... > requests get routed properly to the web server, or the IMAP server. ... > The people within the office have laptops. ... (comp.os.linux.networking)