> -----Urspr�ngliche Nachricht-----
> Von: Elizabeth Zwicky [SMTP:[EMAIL PROTECTED]]
> Gesendet am: Samstag, 29. Mai 1999 00:24
> An: [EMAIL PROTECTED]
> Betreff: Re: Best Security Thread
>
>
> >As my position involves recommending network security components to both
> >commercial and government entities, I would appreciate more discussion on
> >the threats protocols like DCOM hold for networks. Has anybody seen that
> >particular protocol used maliciously yet (other than Microsoft).
>
> The lower level protocol DCOM
> uses is Microsoft RPC. Like all the other RPCs, Microsoft RPC
> uses dynamically allocated ports above 1024. DCOM is also capable
> of using server callbacks (where the server initiates communication
> to the client independent of the original call). Whether DCOM
> is UDP or TCP depends on what platform you're using, but UDP is
> the default for NT. Just for a bonus, DCOM imbeds IP addresses inside
> packets, so you can kiss straightforward NAT goodbye.
>
[Kunz, Peter] Now this sounds majorly ugly, a nice list of about
everything you wouldn't want. So, can we now go bash MS for DCOM or just for
their RPC architecture? :-)
cu
-pete
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
