Disabling DCOM and vulnerability scans

Russell Fulton r.fulton at auckland.ac.nz
Mon Aug 4 00:07:54 GMT 2003


I've copied this note to unisog and others -- primary target is UoA's
computer support community....

Hi All,
	We have established that turning of DCOM via dcomcfg.exe, while
presumably protecting the machine from being compromised, confuses the
vulnerability scanners and such systems show up as vulnerable. This is
true even if the machine has actually been patched.

I'm guessing that this is because the scanners are looking for some
specific response to their probe and are not getting it because the
services are turned off. 

What would be most useful would be if the scanner showed these machines
in a separate category, say 'disabled', not as vulnerable.

So far I've tested this with the Eeye, ISS and nessus.

So if systems that you have disabled DCOM on some up as vulnerable on my
lists don't get too excited (just double check that dcom really is
turned off).

Cheers, Russell.
-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.



More information about the unisog mailing list