is it even possible for a worm with dcom vuln?

From: Victor Pereira (vpereiraat_private)
Date: Tue Jul 29 2003 - 12:33:13 PDT

Next message: Markus Kovero: "VL: Remote Linux Kernel < 2.4.21 DoS in XDR routine."

Previous message: Victor Pereira: "perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

<H D Moore>

A highly-effective worm would be not be difficult to write for the reasons
below. Residential ISP's should start blocking 445 and 135 immediately.
Corporate networks should block these ports in both directions at every
major gateway as soon as possible.
....
</H D Moore>

Don't forget all wireless lans without access restrictions around the world.
It is a good target to start a worm propagation using microsoft services,
because a lot of companies close it in they're  internet firewalls, but in a
LAN enviroment, everything is open.
I can't figure out the damage.. can you ? ;-)

Reguards,

______________________________________________
Victor Pereira - LPI, CCSA, CCSE

http://www.modulo.com.br
http://getdata.codigolivre.org.br

Next message: Markus Kovero: "VL: Remote Linux Kernel < 2.4.21 DoS in XDR routine."
Previous message: Victor Pereira: "perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 30 2003 - 12:39:57 PDT