> -----Original Message----- > From: Stong, Ian C. (Contractor) [mailto:StongIat_private] > Sent: Friday, 1 August 2003 11:33 p.m. > To: 'Russell Fulton'; Schmehl, Paul L > Cc: incidentsat_private > Subject: RE: Command Line RPC vulnerability scanner? > > > Hi Russell, > > A possible workaround (depending on your WAN requirements for port 135) for > the systems that can't be patched is to simply block port 135 into your > network. If you need port 135 to be accessible from certain remote sites > then allow those specific source/destination address and port pairs through > your router or firewall. This will work well to stop attacks originating from the Internet, but as it was discussed on another mailing list (Full-disclosure), this is definetly not sufficient. I'd like to warn people that port blocking on their perimeter firewalls is *not* enough (and only a small number of companies can afford *good& firewalling in internal networks). It is probably just a question of time when one of the following two will happen: 1) An employee inside your network or with VPN access runs exploit on your internal network. 2) Worm is written which exploits this vulnerability and enters your network via employees computer and VPN. 3) Same worm spreads with mass e-mail. Therefore, I'd consider patching as the only solution against this (nasty) vulnerability. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Aug 02 2003 - 10:34:05 PDT