[inbox] RE: [Dshield] New Microsoft Windows RPC vulnerability

Rick Leske rick at jaray.net
Wed Sep 17 00:33:56 GMT 2003


LOL.. no silly.. I'm one of the ole kids who believes in blocking
everything.. and opening up only those ports necessary for normal internet
traffic and/or specialized client/server apps.. ;-)  I've been with
microsoft/windows since probably version 2.1 when Mr. Gates was chunk'n code
in his tent.  I believe the rpc/dll overrun problems have only become an
issue as of late, 18 months?.. could be wrong though..

as a side note... I did once own an IBM 8088/8 .. clocked that puppy to a
screaming 12 MHz.. LOL.. it was fast!.. back then we were real computer
technicians.. not like today's 'appliance' operators.. LOL

tnx for the correction,

~Rick


> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
> Behalf Of Vesselin Peev
> Sent: Tuesday, September 16, 2003 5:56 PM - FamHost
> To: General DShield Discussion List
> Subject: Re: [inbox] RE: [Dshield] New Microsoft Windows RPC
> vulnerability
>
>
> Since the '70's? Then you've actually had only one year to block these in
> the 70's, before the 80's came. You mean Microsoft Basic-80 came out with
> NetBIOS and Remote procedure calls? :)
>
> ----- Original Message -----
> From: "Rick Leske" <rick at jaray.net>
> To: "General DShield Discussion List" <list at dshield.org>
> Sent: Tuesday, September 16, 2003 6:21 PM
> Subject: [inbox] RE: [Dshield] New Microsoft Windows RPC vulnerability
>
>
> > This is way old news.. really.. block 135, 137, 139, 445 ports.. at the
> > least.  One of micro$oft's Totally Stupid things to leave open.  Been
> > blocking them since the 70's
> >
> > ~Rick
> >
> > > -----Original Message-----
> > > From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
> > > Behalf Of Margles Singleton
> > > Sent: Tuesday, September 16, 2003 4:05 PM - FamHost
> > > To: list at dshield.org
> > > Subject: Re: [Dshield] New Microsoft Windows RPC vulnerability
> > >
> > >
> > > Haven't seen code, but apparently it exists and has been tested, and
> > > that it targets ports 135, 139, and 445
> > >
> > > mas
> > >
> > > >>> asebba at secrel.com.br 09/16/03 03:38PM >>>
> > > Do anyone have an exploit to this new RPC vulnerability?
> > >
> > > ----- Original Message -----
> > > From: "Dietmar Goldbeck" <dietmar.goldbeck at acm.org>
> > > To: "General DShield Discussion List" <list at dshield.org>
> > > Sent: Monday, September 15, 2003 6:20 PM
> > > Subject: Re: [Dshield] New Microsoft Windows RPC vulnerability
> > >
> > >
> > > > On Wed, Sep 10, 2003 at 03:03:40PM -0700, John Hardin wrote:
> > > > >
> > > > > Maybe we need to be proactive. Add any IP address from which a
> > > SoBig or
> > > > > 135 scan originates to the Potential Open Relay BL (PORBL).
> > > > >
> > > >
> > > >   Hello,
> > > >
> > > > has anybody thought about using dshield as spam blocking database?
> > > > What about refusing mail from IPs attacking other systems?
> > > >
> > > >   comments?
> > > >
> > > >    Ciao
> > > >      Dietmar
> > > >
> > > > --
> > > >  Alles Gute / best wishes
> > > >      Dietmar Goldbeck         E-Mail: dietmar.goldbeck at acm.org
> > > > Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of
> > > Western
> > > > Civilization?  Gandhi: I think it would be a good idea.
> > > >
> > > > _______________________________________________
> > > > list mailing list
> > > > list at dshield.org
> > > > To change your subscription options (or unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > > >
> > >
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > >
> > >
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > > ___________________________________________________________________
> > > Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
> > >
> > >
> >
> > ___________________________________________________________________
> > Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> >
> >
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> ___________________________________________________________________
> Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
>
>

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list