[Dshield] Port 135

Russell Washington russ.washington at vaultsentry.com
Thu Oct 17 18:03:12 GMT 2002


I have to agree.  The sole purpose of putting up a web server or mail server
is to have it accessed.  That's why it's called a *server*.

Putting a workstation up that happens to have a daemon running because
that's part of the D#)@ed OS does not, on the other hand, equate to wanting
to have everyone on the planet come prodding it.

With that in mind, the intent Q is pretty much moot.

On the flip side, any admin who lets this or any other service that they
don't *want* accessed from outside through their FW is either:

(a) under programmatical duress
(b) under management-imposed duress
(c) under customer-imposed duress
(d) working in an illness-induced fog
(e) out of their mind. :)

Whether it's legal or illegal has never stopped hackers and spammers before,
so the smart and enabled admin will configure against it (and bear the
consequences if he/she doesn't).

-Russ

-----Original Message-----
From: John Hardin [mailto:johnh at aproposretail.com] 
Sent: Thursday, October 17, 2002 10:07 AM
To: DShield mailing list
Subject: RE: [Dshield] Port 135


On Thu, 2002-10-17 at 06:05, Lauro, John wrote:
> > >>>>
> > having knowingly accessed a computer without authorization or
> > exceeding authorized access
> > <<<<
> >
> > Clearly this is knowing, without authorization and even though 135,
> > and for the sake of argument 80 may be exposed, the access exceeds
> > what the system's owner authorizes.
> 
> It is simply a message.  The computer was not accessed in an 
> unauthorized manner. Otherwise, it would be illegal to send e-mail to 
> someone without prior authorization...

Hmm. Maybe we're splitting hairs here, but:

Putting up a web server or mail server and knowingly allowing the traffic
through your firewall is implicit authorization for the public to access
that server.

Having an unusual service running by default, that you may not even be aware
of, and by accident or oversight - but *not* knowingly - allowing traffic
through your firewall to that service, is not something I would call
authorization for public access.

Ignorance perhaps, clumsiness perhaps, but not authorization. Thus the
access is unauthorized.

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 ...people confuse "security" and "Trustworthy Computing."
                                 - Craig Mundie, MS Senior VP and CTO
-----------------------------------------------------------------------
 62 days until The Two Towers
