Full Disclosure mailing list archives
RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 12 Aug 2003 15:46:56 -0500 (CDT)
On Tue, 12 Aug 2003, Evans, Arian wrote:
Chris, #That's only good if you're at home and they would also need to be savy #enough to know how to configure it properly 2000 and XP have builtin IP packet filters. XP has a "personal firewall". I'm not sure what being at home (or being elsewhere) has to do with it, but the fact remains that the technology is there. The packet filtering is rather IP-chains like; it's completely stateless, and configuration is a manual process requiring basic TCP/IP knowledge.
Aye, there's the rub <quoting that famous playwrite> knowledge/skillbase and it's relation to internet protocols, let alone those folks that might have other protocols running. Most users have no real concept of TCP/IP, few that even know it's the internet's communication standard know the difference tween a connectionless protocol and one which is connection oriented. Then there's the complexity of windows and it's applications and the core OS trying to do all this communication between itself and each application, both on localhost as well as broadcast to the world. Not many home users have that knowledge, and there are many folks that work for IS/IT depts that lack it also. Not everyone that works for an IS/IT dept is a admin/net-guru/etc, there's alot of book-keeping, customer relations, etc that requires a skillset dramatically diffeent. How do htese users determine what ports to block, which direction<s> to block, which NIC to do the blocking, etc? And this does not even venture to deal with the knowledgebase required to know if a systems been patched, or that patched system being reversed out of a 'safe-set-up" due to new applications being added. Security, firewalling, hell just installing an OS even an application, is to many, still a blackart, and requires voodoo chants, waving of dead chickens, and the proper colored clothes while doing all that... When one considers how many folks have a blinking timer unset on the new vcr/dvd player in their livingrooms, it's not surprising that tools that are there are not understood, let alone used. It's one of the reasons that so many vendors ship products with such "unsafe" default configurations. Ship the devices wideopen and avoid the support costs to clue a user in or 'fix' what was not shipped functional in the product. Truth be told, some folks don't what to know 'how it works under the hood' as long as the points and clicks produce the output they wishfor, life is fine... sucks, don't it? <smile> Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Blaster: will it spread without tftp?, (continued)
- Blaster: will it spread without tftp? Maarten (Aug 12)
- Re: Blaster: will it spread without tftp? Craig Pratt (Aug 12)
- Re: Blaster: will it spread without tftp? Maarten Hartsuijker (Aug 12)
- Re: Blaster: will it spread without tftp? Jim Clausing (Aug 12)
- Re: Blaster: will it spread without tftp? Matthew Murphy (Aug 12)
- RE: Blaster: will it spread without tftp? Derek Soeder (Aug 12)
- Re: Blaster: will it spread without tftp? Nick FitzGerald (Aug 12)
- Re: Blaster: will it spread without tftp? Russell Fulton (Aug 12)
- Re: Blaster: will it spread without tftp? Gregory Steuck (Aug 13)
- Blaster: will it spread without tftp? Maarten (Aug 12)
- Re: Blaster: will it spread without tftp? Valdis . Kletnieks (Aug 13)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Ron DuFresne (Aug 12)
- Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gregory Steuck (Aug 13)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Mike (Aug 13)