Lately, those Cache Pollution issues that many are having, may be the tip of the iceberg of somethin


Ace Fekay [MVP]

I posted this to microsoft.public.win2000.active_directory,
microsoft.public.win2000.dns,
microsoft.public.windows.server.active_directory, and
microsoft.public.windows.server.dns.

I set Followups to microsoft.public.win2000.dns. So please visit/stay in
this newsgroup for all followups/responses to this post.

NTCanuck brought this to my attention and thought to share it out.

From this thread:
Newsgroups: microsoft.public.win2000.dns
From: "Richard Schwartz" <[email protected]>
Subject: Windows Server 2003 DNS Cache Issue
Date: Fri, 25 Jul 2003 08:59:07 -0700

in this post:
Newsgroups: microsoft.public.win2000.dns
Subject: Re: Windows Server 2003 DNS Cache Issue
Date: Fri, 01 Aug 2003 01:01:25 GMT
From: NTCanuck
Well...I did nail down several probes FROM port 53 udp *remotes* that
scan (theoretically) for open server ports. I say this only since 3 other
folks (including a few alt roots and ISPs) have had odd readings and
errata that fit in with what we saw...but they were unable to capture
or dump the data swiftly enough to critique it more thoroughly.
****
This came in today (july 31/2003):
"We're seeing an Internet-wide increase in probing that could be a
search for vulnerable computers," says Wray. "It could be a
precursor and it bears continued watching... It certainly could be
serious. It could lead to the distribution of destructive, malicious
code and it could cause considerable disruption."

http://www.esecurityplanet.com/trends/article.php/2242891

So maybe the Secure Cache against pollution may help or may not help, but
the one thing that article above mentions is the fact that everyone should
download that RPC vulnerability fix.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Couple reasons to get it done (patched) today...

<quote from grc.com newsgroup (news.feedback)>

Previous CVA posting about MS03-026 Overflow (item #2)
http://archives.neohapsis.com/archives/sans/2003/0101.html

Exploit code by Flashsky and Benjurry of Xfocus
http://archives.neohapsis.com/archives/bugtraq/2003-07/0319.html
http://archives.neohapsis.com/archives/bugtraq/2003-07/0321.html

Exploit code by H D Moore based on Xfocus report. This is a
confirmed working exploit (see FullDisclosure thread linked
below) that provides for the following targets: Windows 2000 SP
0-4, Windows XP SP 0-1.

http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0929.html

Compiled Windows executable version of H D Moore's exploit
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0054.html

Posting indicating that there are currently 7+ exploits in circulation
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0951.html

Free scanning tool from eEye for finding vulnerable machines
http://archives.neohapsis.com/archives/bugtraq/2003-07/0348.html

Commentary by H D Moore
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/1011.html

CNET News Article
http://news.com.com/2100-1002_3-5055759.html?tag=fd_top

New vulnerability that crashes the RPC listener (exploit
included):
http://archives.neohapsis.com/archives/bugtraq/2003-07/0255.html
http://archives.neohapsis.com/archives/bugtraq/2003-07/0274.html
http://archives.neohapsis.com/archives/bugtraq/2003-07/0275.html
http://archives.neohapsis.com/archives/bugtraq/2003-07/0279.html

</quote>
 