Full Disclosure mailing list archives
RE: DCOM RPC exploit (dcom.c)
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 28 Jul 2003 10:45:47 -0500 (CDT)
[SNIP]
What fingerprinting? If you've got 135/UDP open to the Internet, you're screwed. Slammer didn't fingerprint. It simply hit every box it could find on port 1434/UDP, and the exploit either worked or it didn't. Most worms do the same. They attack indiscriminately, and infect those OSes that are susceptible. And with Windows, that's enough boxes to cause a real problem.
And those sites during Slammer that blocked 1434, as was advised when the patch was made available, though it was advised even long before that, were largely unaffected. Sites that are properly blocking 135 and its protocols will most likely be unaffected from any new worm wishing to exploit this repeat problem with DCOM/RPC.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html