Re: [Full-Disclosure] Cox is blocking port 135 - off topic

[Joey <joey2cool@yahoo.com>]

Microsoft says - "To exploit this vulnerability, the
attacker must be able to send a specially crafted
request to port 135, port 139, port 445, or any other
specifically configured RPC port on the remote
computer. For intranet environments, these ports are
typically accessible, but for Internet-connected
computers, these ports are typically blocked by a
firewall."

But since those are different services(SMB, DCOM,
Netbios), wouldnt you need to send an entirely
different packet? it sounds impossible to use the same
exploit on multple protocols.

Port 80 is not an attack vector -
"RPC over UDP or TCP is not intended to be used in
hostile environments, such as the Internet. More
robust protocols, such as RPC over HTTP, are provided
for hostile environments."
http://support.microsoft.com/?kbid=823980

Microsoft is saying RPC over UDP or TCP shouldnt be
used on the internet and you need a firewall to block
the ports anyway. I guess they aren't keeping their
new promise for security seriously.

--- roman.kunz@juliusbaer.com wrote:
> hi list,
> 
> i tried all different DCOM RPC sploit's i could find
> (from the very 
> beginning till the newest versions).
> i couldn't find any succesfully working on other
> ports then 135.

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html