December 10th, 2002 | #1 | Kr0m

Vulnerability

First off, I'd like to say, Good Job! on the new site, props to all of those involved.

Secondly I'd like to mention a vulnerability that can be potentially very bothersome for new users to the XP/Win2k and I think NT world. From what I've read there's no fix for it yet other than blocking port 135. I'm posting it here so any l33t script kiddie newbs or hacker newbs don't find out about it yet, at least from me. I'll post what I typed into the Private channel this morning, and I've found many links regarding this so called "new winnuke".

My Story:
[08:53] <Kr0m`> This port 135 exploit is pretty serious for unfirewalled users
[08:54] <Kr0m`> brings back the old 'winnuke' days
[08:55] <Kr0m`> oddly enough I didn't have zonealarm running yesterday, and I was idling on irc.enterthegame.com network(gaming community......
[08:55] <Kr0m`> while I was watching TV on the couch last night, my monitor turned on and XP was rebooting on its own, I've got reboot on critical errors disabled so I figured something was up
[08:56] <Kr0m`> once I rebooted, I turned ZAPro on, set the max settings, joined IRC again, and the channels I was in...
[08:57] <Kr0m`> and noticed other people talking about the same thing happening to them...
[08:57] <Kr0m`> So in hopes of baiting the culprit, I publicly said that my machine rebooted on its own too, and should I run a firewall and what was a good firewall to get, and that I was running XP too..
[08:58] <Kr0m`> sure enough, within seconds ZAPro blocked attempts to port 135
[08:59] <Kr0m`> which in turn gave me the tard's IP, and with ircN, i can do /nickfind IP to match that IP to anyone that is on any channels that I'm on..
[08:59] <Kr0m`> which it did
[09:00] <Kr0m`> I /whois'd him, post his info and channels he was on, and his nickname and IP, and others joined his channels, and he said in the channel he was on something in another language with my nick, and he immediately quit irc
[09:01] <Kr0m`> at any rate, the point of this story is, anyone that isn't firewalled, theres a RPC exploit out there for people running NT,2000, XP
[09:01] <Kr0m`> no patch yet
[09:02] <Kr0m`> I've found some info which I think concerns this matter..
[09:03] <Kr0m`> http://lists.insecure.org/lists/vuln...-Dec/0009.html
[09:03] <Kr0m`> its been detected for almost a month now, and MS hasnt supplied us a fix yet
[09:03] <Kr0m`> Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3
[09:04] <Kr0m`> obviously this isnt prone to just win2k sp3 machines
[09:05] <Kr0m`> I was going to post this into the forums, but declined to
[09:06] <Kr0m`> I want people to know about it to defend themselves, but in turn it will make the lamers out there(the ones that dont know about it yet) want to do it
[09:08] <Kr0m`> The vulnerability itself is within the DCE-RPC stack of Windows 2000
[09:08] <Kr0m`> and related OS's. This vulnerability allows anyone who can connect to
[09:08] <Kr0m`> port 135 TCP to disable the RPC service. Disabling the RPC service
[09:08] <Kr0m`> causes the machine to stop responding to new RPC requests, disabling
[09:08] <Kr0m`> almost all functionality.

This was made public back in October, but I never knew about it until last night. I've been busy in the gaming community.

The link to info regarding this: vulnwatch


If any of you find out helpful information about this issue, please share it.

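Added example, not part of Kr0m's post or any poster's code: the check described above (seeing who tried port 135 and whether the firewall stopped them) run over a firewall log. The W3C-style layout with a `#Fields:` header, the sample records and the function names are assumptions made for this example, not ZoneAlarm Pro's own log format.

```python
from collections import Counter, defaultdict

# Constructed sample (documentation-range IPs); the log layout is an assumption.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2002-12-09 22:41:07 DROP TCP 203.0.113.7 192.0.2.10 3312 135 48 S
2002-12-09 22:41:10 DROP TCP 203.0.113.7 192.0.2.10 3312 135 48 S
2002-12-09 22:41:30 DROP UDP 203.0.113.7 192.0.2.10 1027 135 60 -
2002-12-09 22:43:55 ALLOW TCP 198.51.100.23 192.0.2.10 4120 135 48 S
2002-12-09 22:44:02 DROP TCP 198.51.100.99 192.0.2.10 2210 445 48 S
2002-12-09 22:45:00 DROP TCP 203.0.113.7
"""

def parse_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def port135_attempts(records, local_ip):
    """Count inbound TCP/135 attempts to local_ip per source and action."""
    per_source = defaultdict(Counter)
    for r in records:
        if (r["protocol"] == "TCP" and r["dst-port"] == "135"
                and r["dst-ip"] == local_ip):
            per_source[r["src-ip"]][r["action"]] += 1
    return per_source

def report(text, local_ip):
    """Return (blocked, reached): sources dropped vs. sources let through."""
    attempts = port135_attempts(parse_log(text), local_ip)
    blocked = {ip: c["DROP"] for ip, c in attempts.items() if c["DROP"]}
    reached = sorted(ip for ip, c in attempts.items() if c["ALLOW"])
    return blocked, reached

if __name__ == "__main__":
    blocked, reached = report(SAMPLE_LOG, "192.0.2.10")
    for ip, n in blocked.items():
        print(f"blocked {n} TCP/135 attempt(s) from {ip}")
    for ip in reached:
        print(f"WARNING: TCP/135 connection from {ip} was allowed")
```

Any source in the second list means port 135 was reachable from outside, which is the condition the thread says to close off at the firewall.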
December 10th, 2002 | #2 | xsivforce

Whoa, thanks for the heads up.

December 10th, 2002 | #3 | Grandmaster

Thanks dude. Thankfully I have a hardware firewall.


December 10th, 2002 | #4 | MdSalih

Nice find m8... get info on it... if it's a new exploit... stick it up as a stick on the Security news section... might as well make a thread in the forums too

MdSalih

December 10th, 2002 | #5 | NetRyder

Thanks Kr0m!!

*Adds port 135 to the router's packet filter page*

December 10th, 2002 | #6 | Kr0m

I think it's a good idea we hold off on making this public on the site. At least until MS finds some sort of patch or fix for this. Like I said before, the more gimps or script kiddies know about this, the more it will be tried or happen. I just wanted to let you guys know.. to keep your firewalls or whatever it is you use, set to block info coming to port 135. This isn't new, I mentioned before that it's been on Security Sites since October. I've seen some attempts to various ports before, including port 135 but I never actually knew what the assassins were trying to do with this one until last night when I had my firewall down.

December 11th, 2002 | #7 | Electronic Punk

I don't even use a firewall

December 11th, 2002 | #8 | MdSalih

Originally posted by Electronic Punk
I don't even use a firewall
bah... this new theme is freaky... cant find the IP button ?

MdSalih

December 11th, 2002 | #9 | Jewelzz

Hehe, it's the ! top right

December 11th, 2002 | #10 | Electronic Punk

hax0r me on irc,

December 11th, 2002 | #11 | MdSalih

Originally posted by Jewelzz
Hehe, it's the ! top right
DO I LOOK THAT STUPID

was a joke

MdSalih

December 11th, 2002 | #12 | Electronic Punk

Do you look stupid?
Did you add your member pic yet?

December 11th, 2002 | #13 | Jewelzz

Originally posted by MdSalih
DO I LOOK THAT STUPID

was a joke

MdSalih
*zips lips*

December 11th, 2002 | #14 | madmatt

Originally posted by Jewelzz
*zips lips*
not going to answer him?
well, I will.. =)

December 11th, 2002 | #15 | Kr0m

Hmm, I've been thinkin about this, should we make this more public than it already is? Some probably know about it, but I'd guess that the avg person doesn't, especially the ones without firewalls. It should be on the front page if we do post it.

December 11th, 2002 | #16 | Grandmaster

I think we should..will help people get more secure from this..but like you said there is a drawback when the script kiddies find out about this..


December 11th, 2002 | #17 | MdSalih

Originally posted by MdSalih
Nice find m8... get info on it... if it's a new exploit... stick it up as a stick on the Security news section... might as well make a thread in the forums too

MdSalih
I already said do it :P... so gogogogoogo

MdSalih