Re: MSDE contained in...

["nutcase26" <nutcase26 () hotmail com>]

Paul et al,

Forgive my ignorance, but are you telling me that when an FTP, HTTP, Telnet
client initiates a request to a remote server that my client doesn't
interface with eth0?

You mention in general but then very boldly state below " It's only if the
app is being used **as a server**

Which is it, is it general or only ?


When I use Visio to PUBLISH my architectural design to my web server am I
not  infact opening the MSDE  and port * ?


Doesn't mickeysoft want us to let them determine when updates are required?

Paul, are you a user of Microsoft products?


Please correct me if I'm wrong..


esactun---


----- Original Message -----
From: "Paul Schmehl" <pauls () utdallas edu>
To: "Tina Bird" <tbird () precision-guesswork com>
Cc: <full-disclosure () lists netsys com>
Sent: Tuesday, January 28, 2003 10:48 AM
Subject: Re: [Full-disclosure] MSDE contained in...


> On Mon, 2003-01-27 at 22:14, Tina Bird wrote:
> > --> Bleh.  I stand corrected.
> Don't stand completely corrected.  Check the instances you have
> running.  You will find that, in general, if an app is used locally,
> even *if* the ports are open, they are only open on localhost.  This is
> true of Visio as well as Office and many other apps.  It's only if the
> app is being used **as a server** that the port is open to the network
> interface.
>
> --
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> http://www.utdallas.edu/~pauls/
> AVIEN Founding Member
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html