Is there any truth to this article?
--
Eric Sabo
NT Administrator

The article notes that there appear to be further RPC exploits left
unpatched.

There are always unpatched exploits, and so I would be thinking about "how
do I keep my system secure". Use this article as a point of leverage if you
have to, but simply start considering what to do to prevent yourself from
being a victim.

Install a firewall. Lock it down. Only open up those ports that you _know_
you need, and consider whether there is any liability on those ports that
requires closer monitoring or Intrusion Detection Scanning software.

Make sure that people realise that there needs to be a concept of "inside
the firewall" and "outside the firewall". Do not allow machines or data to
cross from "outside the firewall" to "inside" without first being checked.
This means that your CEO may not bring his nephew's laptop in to make the
office into a LAN party, your salesmen returning from other companies need
to have their laptops scanned before they plug them into the corporate
network, etc, etc.

And keep your eyes peeled for a patch. If there is an exploit, there will
be a patch. If Microsoft notifies favoured people of exploits before it
makes public announcements, I have yet to see it. You know what we know.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | al...@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

>Please read:
>http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci931921,00.html
>
>Is there any truth to this article?

Yes, there's truth to it. But since RPC attacks on NetBIOS ports are
commonplace, any sensible admin has blocked these ports at the
firewall. Especially in light of past attacks on the same port and
service.

If you don't need to communicate on a port, don't open it in your
firewall. If you don't need to run a service, disable it or remove
it. Granted, RPC is almost impossible to get away from, but port 135
attacks have been happening for the last six or eight years or so; any
professional admin caught by them needs to retire. Or beat up the
firewall admin who opened the port.

Jeff