RE: RPC Scan Issues
From: Stein, Ted (tstein_at_nassaucountyny.gov)
Date: 10/17/03
- Previous message: Anders Thulin: "USB memory supporting NTFS?"
- Maybe in reply to: Thaddeus McNamara: "RPC Scan Issues"
- Next in thread: Roy Pait: "RE: RPC Scan Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 Oct 2003 11:06:57 -0400 To: <focus-ms@securityfocus.com>
I'd like to do this, but I keep hearing that it won't work with Netware
(5.0) login scripts if the user doesn't have administrative privileges
on the machine. We're a few months shy of having a software distribution
product, but that obviously doesn't excuse us from installing patches.
Any suggestions to automate patching in the meantime (network in the
thousands of nodes) are welcome and appreciated!
Thanks,
-T
> -----Original Message-----
> From: Jeff McLaughlin [mailto:JMclaughlin@springsgov.com]
> Sent: Thursday, October 16, 2003 2:51 PM
> To: 'focus-ms@securityfocus.com'
> Subject: RE: RPC Scan Issues
>
>
> If patching via logon script just add the switch to reboot the
machine.
> Something like..
>
> Windows2000-KB824146-x86-ENU.exe /u /f /o
>
> Worked for me as I pushed out patches via a login script.
>
>
> Jeff McLaughlin
>
> -----Original Message-----
> From: c_brauckmiller@LEK.COM [mailto:c_brauckmiller@LEK.COM]
> Sent: Wednesday, October 15, 2003 10:45 AM
> To: Cosentino, Guilherme V.
> Cc: 'focus-ms@securityfocus.com'
> Subject: RE: RPC Scan Issues
>
>
>
> Does anyone know of any tool that can automatically reboot every
machine
> in
> a
> given IP range at a given timne?
>
> One could just tell the software to reboot all client PCs in the DHCP
> scope.
>
> We ran into this exact problem when we pushed MS03-026 and MS03-039
via
> login
> script.
>
> Thanks
>
> Craig Brauckmiller
>
>
>
>
> "Cosentino, Guilherme V." <Guilherme.Cosentino@alcoa.com.br> on
10/14/2003
> 04:07:13 PM
>
> To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
> cc: (bcc: Craig Brauckmiller/LEK)
>
> Subject: RE: RPC Scan Issues
>
>
>
> What I've seen about MS scanner is that it reports as unpatched every
> machine that had installed the patch, but was not restarted. At this
> moment
> (before the restart), if you look to those boxes, you'll see the
registry
> key, the uninstall directory, but not the correct versions of files.
If
> all
> your computers was rebooted after the patch aplication, you shouldn't
> receive false positives.
> Retina seems not look to those files and their creation dates, telling
> that
> non-rebooted machines are patched.
>
> -----Original Message-----
> From: Thaddeus McNamara [mailto:tk@coast-radio.com]
> Sent: Tuesday, 14 de October de 2003 4:26 PM
> To: 'larobins@bellatlantic.net'; 'focus-ms@securityfocus.com'
> Subject: RE: RPC Scan Issues
>
>
> First, let me say thank you for the quick response, Laura. Secondly,
my
> S.O.P. on firewall security is EVERYTHING is blocked unless I MUST
have it
> open...25, 80, and Citrix (1494). I even have a few blocked going out
for
> SoBig and Port 5000.
>
> I see from your earlier responses to Win2k Hardening that we all need
to
> do
> the basics and wait for a new patch. I guess my next concern is,
should
> we
> take the time to follow the "workarounds" listed in MS03-039? -->
>
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
ri
> ty
> /bulletin/ms03-039.asp). Then follow up with patch verification on
every
> machine? (I guess we should be doing that at the time we install the
> patch,
> huh?) Or should we just rely on our firewalls and the knowledge we
have
> already patched (almost) everything?
>
> Looking to spend my time wisely...
> Thadd
>
> -----Original Message-----
> From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> Sent: Tuesday, October 14, 2003 10:48 AM
> To: 'Thaddeus McNamara'; focus-ms@securityfocus.com
> Subject: RE: RPC Scan Issues
>
>
> > After reading there's yet another RPC exploit code in the
> > wild, I double checked my LANs with both the MS DCOM scanner
> > (KB824146Scan) and the Retina RPC DCOM scanner and got very
> > different results. A few of the machines I know are NOT
> > patched and others are Fully patched.
> >
> > 1. Is it possible they aren't patched properly?
>
> Yes. It's also possible that you are getting false positives.
>
> > 2. Should I be getting such different results?
>
> Ideally, no. Realistically, it happens.
>
> > 3. Should I or can I turn off RPC?
>
> No.
>
> > 4. Will the firewall be enough?
>
> No, but that doesn't mean you shouldn't configure it to block incoming
> traffic on appropriate ports.
>
> Laura
>
>
------------------------------------------------------------------------
-- > - > Visual & Easy-to-use are not words that you think of when talking about > network analyzers. Need to share problem information with colleagues that > do not read packets? > > Download ClearSight Networks Analyzer and see a new network analysis tool > that makes the complex - easy > http://www.securityfocus.com/sponsor/ClearSightNetworks_focus-ms_031006 > ------------------------------------------------------------------------ -- > - > > ------------------------------------------------------------------------ -- > - > Visual & Easy-to-use are not words that you think of when talking about > network analyzers. Need to share problem information with colleagues that > do not read packets? > > Download ClearSight Networks Analyzer and see a new network analysis tool > that makes the complex - easy > http://www.securityfocus.com/sponsor/ClearSightNetworks_focus-ms_031006 > ------------------------------------------------------------------------ -- > - > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ -- > - > FREE Whitepaper: Better Management for Network Security > > Looking for a better way to manage your IP security? > Learn how Solsoft can help you: > - Ensure robust IP security through policy-based management > - Make firewall, VPN, and NAT rules interoperable across heterogeneous > networks > - Quickly respond to network events from a central console > > Download our FREE whitepaper at: > http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015 > ------------------------------------------------------------------------ -- > - > > ------------------------------------------------------------------------ -- > - > FREE Whitepaper: Better Management for Network Security > > Looking for a better way to manage your IP security? > Learn how Solsoft can help you: > - Ensure robust IP security through policy-based management > - Make firewall, VPN, and NAT rules interoperable across heterogeneous > networks > - Quickly respond to network events from a central console > > Download our FREE whitepaper at: > http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015 > ------------------------------------------------------------------------ -- > - --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015 ---------------------------------------------------------------------------
- Previous message: Anders Thulin: "USB memory supporting NTFS?"
- Maybe in reply to: Thaddeus McNamara: "RPC Scan Issues"
- Next in thread: Roy Pait: "RE: RPC Scan Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
