is it even possible for a worm with dcom vuln?

From: Victor Pereira (vpereira_at_modulo.com.br)
Date: 07/29/03

Next message: Markus Kovero: "VL: Remote Linux Kernel < 2.4.21 DoS in XDR routine."

Previous message: Victor Pereira: "perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <vuln-dev@securityfocus.com>
Date: Tue, 29 Jul 2003 16:33:13 -0300

A highly-effective worm would be not be difficult to write for the reasons
below. Residential ISP's should start blocking 445 and 135 immediately.
Corporate networks should block these ports in both directions at every
major gateway as soon as possible.
....
</H D Moore>

Don't forget all wireless lans without access restrictions around the world.
It is a good target to start a worm propagation using microsoft services,
because a lot of companies close it in they're internet firewalls, but in a
LAN enviroment, everything is open.
I can't figure out the damage.. can you ? ;-)

Reguards,

______________________________________________
Victor Pereira - LPI, CCSA, CCSE

http://www.modulo.com.br
http://getdata.codigolivre.org.br

Next message: Markus Kovero: "VL: Remote Linux Kernel < 2.4.21 DoS in XDR routine."

Previous message: Victor Pereira: "perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]