> > This is clearly the biggest bug yet. I can kill all of the services of > MS Exchange Server, as well as INETINFO (MSX doesn't rely on INETINFO). > So clearly this bad code has been used in numerous products. > > Cheers, > Russ > R.C. Consulting, Inc. - NT/Internet Security Consulting > "Why does Plug-n-Play so often turn into Unplug-n-Pay?" Owch.. Yep.. looks like it's both dynamic (i.e. port 1031 isn't always the port it ends up on) and it's used in more than just that. The box I tried it on first was pretty stock. I tried it on a loaded up box (Exchange and Winframe 3.51) and there are *lots* of ports that little perl script kills it on. Good thing I have an extremely anal-retentive packet filter in front of that one :-) So it looks like all you need to is use that perl script (or modify Proff's strobe program to heave something at the port when it connects) and lots of things hardloop. Sorry kids, it's not another static port, It's all over the place int MS's code. so it depends what you run on your server. The released microsoft fix does *NOT* fix this. it ONLY fixes the problem on port 135. -Bob -- Bob Beck Obtuse Systems Corporation beckat_private http://www.obtuse.com/ True Evil hides its real intentions in its street address. Search and you shall find it, and the truth shall set you free.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:19 PDT