With the DCom vulnerability affecting:
- Every fresh install of most Windows operating systems,
- Every system where the user is too dumb to click the obvious update button,
- Every system registered with a pirate key that has had its access to Windows Update suspended,
it is IMHO only a short period of time before a successful worm takes effect. At that point, it is highly probable that MS networking will be shunned by most responsible ISPs for their customers' protection.

May I draw your attention to http://www.cs.berkeley.edu/~nweaver/warhol.html

It is highly likely that, in the future, any fresh installs of Windows NT4 / XP / 2000 / 2003 will be `owned' by a dcom worm in less time than it takes to download the patch.

<JOKE> Microsoft should change the ports used by their operating systems during patching operation </JOKE>

Perhaps Cox is ahead of the crowd...?

maybe I'm talking shit.. I don't know, I'm high

peace

harq

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Kurt Seifried" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, August 10, 2003 11:55 PM
Subject: Re: [Full-Disclosure] Cox is blocking port 135 - off topic

> If they do it like Comcast has it implemented even clients on the same
> cable router can't speak on the "windows" ports to each other. Last I
> checked they were blocking 137-139 and have been for some time.
>
> Off topic:
> >
> > This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP on
> > 445 as well (reduced overhead than 135/etc, no NetBIOS layer). When a client
> > tries to connect to a remote host for file/print sharing/etc it connects on
> > both ports 135 and 445, if a response is received from port 445 it drops the
> > connection to 135. The attack works quite well against client systems using
> > port 445. If Cox blocks both ports 135 and 445 that will be semi-effective
> > (except of course for internal users who spread a worm/etc, such as laptops
> > that move around). This may block a few of the more stupid attacks but not
> > for long.
> >
> > Kurt Seifried, [EMAIL PROTECTED]
> > A15B BEE5 B391 B9AD B0EF
> > AEB0 AD63 0B4E AD56 E574
> > http://seifried.org/security/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
