Dailydave mailing list archives
MSRPC fragmentation note from Matt + Exception fun
From: Dave Aitel <dave () immunitysec com>
Date: Thu, 15 Sep 2005 16:35:24 -0400
Regarding the nfr paper...which has since been updated, I hear.

There's also a minor technical inaccuracy there that needs to be fixed; MSRPC Fragmentation *does* occur naturally on large client-side requests, such as Printer queueing over named pipes. So just alerting basic fragmentation ensures a bevy of falsies. After publishing we were lucky enough to get a look at one of our larger customer's NASTY windows-centric networks and I observed it all over the place.

Matt

As Window said at CANSEC regarding Microsoft's exception collection tool: "We get a fix a lot of security bugs through collecting exception information..."

http://www.exceptioncollection.com/

How this Service Works:

* *You use the "New Developer Registration" form above to request a developer login from us.*
* *We instantly email you a developer login, a password, and instructions for integrating ExceptionCollection with your programs.*
* *You compile your programs and distribute them to your users.* The amount of code that you need to add for integration with ExceptionCollection is very, very small (usually 3 or 4 lines).
* *When an Internet-connected user experiences an exception, details of that exception are programmatically reported to, and stored on, ExceptionCollection.*
* *You can browse to exceptioncollection.com from any web browser in the world, log in, and view details of any exceptions generated by any of your programs or websites.*
* Your programs can be written in C#/VB.NET, Java, VB6, Delphi, C++, or any other SOAP-enabled language. (Yes, VB6 is SOAP-enabled <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnhcvb04/html/vb04g9.asp> with the SOAP toolkit.) For .NET, we provide a compiled component (DLL file) <http://www.exceptioncollection.com/SherpaExceptions.zip> so that you don't even have to mess with SOAP and web services. ExceptionCollection integrates with all kinds of applications, web-based as well as OS-specific (Windows, Unix, etc.).
* ExceptionCollection records valuable information about every exception, including the file and line number generating the exception. A "Custom Info" field allows you to store data unique to your product, such as the version number of libraries on which your product depends.

-dave
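
The false-positive problem from the fragmentation note above, as an added example that is not part of the original post: it reads the connection-oriented DCE/RPC common header and compares a rule that fires on any fragmented request with one that fires only on undersized non-final fragments. The size heuristic, the 4280-byte fragment size, the function names and the sample PDUs are assumptions constructed for illustration.

```python
import struct

PFC_FIRST_FRAG, PFC_LAST_FRAG = 0x01, 0x02  # pfc_flags bits
PTYPE_REQUEST = 0

def parse_header(pdu):
    """Parse the 16-byte connection-oriented DCE/RPC common header."""
    if len(pdu) < 16 or pdu[0] != 5:
        raise ValueError("not a DCE/RPC v5 PDU")
    ptype, flags = pdu[2], pdu[3]
    # High nibble of drep[0]: 1 = little-endian integers, 0 = big-endian.
    endian = "<" if (pdu[4] & 0xF0) == 0x10 else ">"
    frag_len, _auth_len, call_id = struct.unpack_from(endian + "HHI", pdu, 8)
    return ptype, flags, frag_len, call_id

def fragmented_calls(pdus):
    """Naive rule: flag every call whose request is split across fragments."""
    both = PFC_FIRST_FRAG | PFC_LAST_FRAG
    hits = set()
    for pdu in pdus:
        ptype, flags, _, call_id = parse_header(pdu)
        if ptype == PTYPE_REQUEST and (flags & both) != both:
            hits.add(call_id)
    return hits

def undersized_fragment_calls(pdus, max_frag, ratio=0.25):
    """Assumed heuristic: flag non-final fragments far below max_frag."""
    hits = set()
    for pdu in pdus:
        ptype, flags, frag_len, call_id = parse_header(pdu)
        final = flags & PFC_LAST_FRAG
        if ptype == PTYPE_REQUEST and not final and frag_len < max_frag * ratio:
            hits.add(call_id)
    return hits

def make_pdu(flags, frag_len, call_id):
    """Build a constructed little-endian request PDU padded to frag_len."""
    hdr = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_REQUEST, flags,
                      b"\x10\x00\x00\x00", frag_len, 0, call_id)
    return hdr.ljust(frag_len, b"\x00")

# Constructed traffic: call 1 is a large request that fills 4280-byte
# fragments (the natural case in the post); call 2 arrives in 40-byte pieces.
SAMPLE = [make_pdu(PFC_FIRST_FRAG, 4280, 1), make_pdu(0, 4280, 1),
          make_pdu(PFC_LAST_FRAG, 900, 1), make_pdu(PFC_FIRST_FRAG, 40, 2),
          make_pdu(0, 40, 2), make_pdu(PFC_LAST_FRAG, 40, 2)]

if __name__ == "__main__":
    print("naive:", sorted(fragmented_calls(SAMPLE)))
    print("size-aware:", sorted(undersized_fragment_calls(SAMPLE, 4280)))
```

The naive rule fires on both calls, including the ordinary large request; the size-aware rule fires only on the call whose fragments are far smaller than the fragment size in use.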