Bugtraq mailing list archives
Re: Win2k Telnet.exe malicious server vulnerability
From: J Edgar Hoover <zorch () RIGHTEOUS NET>
Date: Mon, 18 Sep 2000 05:46:04 -0700
On Fri, 15 Sep 2000, Bronek Kozicki wrote:
From: "Ryagin Mihail Yurevitch" <ryagin () EXTRIM RU>The problem is far more general then within single poor configurationdefaults in telnet.exe.The main problem is that Windows automatically supply user credentials inmany situations without ever asking for his opinion. That's why, exactly, you do not pass NetBIOS through your firewall - incoming as well as _outgoing_ traffic.
Ahh, but it doesn't stop there... w2k with ie also likes to exchange kerberos keys with foreign web servers. I noticed this whlle trying to disable the "autosearch" spyware in ie. If you type a URL that fails lookup, ie does a search at auto.search.msn.com.. Yes, ie has a button to 'disable' this, but when I tried that, it was still sending data to msn. The only fix I've found was to wall off *.search.msn.com. While you are at it, wall off LDAP too... or just play it safe and not let any traffic on ports <1024 in or out of the windows network.
Current thread:
- Win2k Telnet.exe malicious server vulnerability monti (Sep 13)
- Re: Win2k Telnet.exe malicious server vulnerability Jim Paris (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Micah Webner (Sep 14)
- <Possible follow-ups>
- Re: Win2k Telnet.exe malicious server vulnerability Microsoft Security Response Center (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability monti (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Microsoft Security Response Center (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Tim Hollebeek (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Blue Boar (Sep 15)
- Re: Win2k Telnet.exe malicious server vulnerability Рягин Михаил Юрьевич (Sep 15)
- Re: Win2k Telnet.exe malicious server vulnerability Bronek Kozicki (Sep 17)
- Re: Win2k Telnet.exe malicious server vulnerability J Edgar Hoover (Sep 18)
- Re: Win2k Telnet.exe malicious server vulnerability Bronek Kozicki (Sep 17)