RE: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-08-02 Thread Nick FitzGerald
Bassett, Mark [EMAIL PROTECTED] to me: Well, it is the most widely supported default interface that is vulnerable. It would be a very unusual machine that is vulnerable on some other port and _NOT_ on 135, so what is the payoff for writing an exploit (at least a proof of concept) that

Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-08-02 Thread Ron DuFresne
[SNIP] Bluetooth phones as modems! I have been calling on this issue for some time, and generally received a dismissive response from System Administrators and IT management. No one wants the work load or responsibility this entails. I suppose that if you don't acknowledge the

Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-08-01 Thread Nick FitzGerald
Paul Tinsley [EMAIL PROTECTED] wrote: Microsoft owns up to the exploit being usable on 135, 139 and 445, I have heard rumors of port 80 being vulnerable as well. ... Brad Bemis is right -- other ports (and not just port 80) associated with IIS _if_ COM Internet Services is enabled are also

RE: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-08-01 Thread Paul Tinsley
I am aware of how that works, my question was as to whether anybody had seen attacks/code using a port other than 135? Sorry for any confusion. From: Brad Bemis [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31

RE: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-08-01 Thread Bassett, Mark
Well, it is the most widely supported default interface that is vulnerable. It would be a very unusual machine that is vulnerable on some other port and _NOT_ on 135, so what is the payoff for writing an exploit (at least a proof of concept) that tries other ports? Because 9 times out of 10

RE: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-08-01 Thread Bryan K. Watson
Because 9 times out of 10 port 135 is blocked by some sort of firewall, whilst port 80 is not blocked on a web server. Not telecommuters on dial-up IP's and Blue-Toothed into the net thru their Ericsson phones, and surfing from the airport and WIFI cafes of the world. Most Sysadmins are

Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-08-01 Thread Jeremiah Cornelius
snip Because 9 times out of 10 port 135 is blocked by some sort of firewall, whilst port 80 is not blocked on a web server. Not telecommuters on dial-up IP's and Blue-Toothed into the net thru their Ericsson phones, and surfing from the airport and WIFI cafes of the world. /snip

RE: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

2003-07-31 Thread Brad Bemis
It is not necessarily port 80, but TCP port 593 (RPC-over-HTTP) or any IIS HTTP/HTTPS port if COM Internet Services are enabled. Thank you for your time and attention