[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Your counsel on defeating DDOS Attacks
- To: "'Steven M. Christey'" <coley@linus.mitre.org>, cve-editorial-board-list@lists.mitre.org
- Subject: RE: Your counsel on defeating DDOS Attacks
- From: David LeBlanc <dleblanc@microsoft.com>
- Date: Wed, 16 Feb 2000 18:55:29 -0800
- Delivery-Date: Wed Feb 16 22:10:31 2000
> -----Original Message----- > From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG] > To comment on something that David LeBlanc suggested... > > >> c. Sun users should ensure that rpc traffic is allowed only from > >>management systems. > >I would not get into specific vendor actions here. We could make the > >document very large if we get into details like this. > > In this particular case, I would disagree. Approximately half of the > CERT advisories published in 1999 deal with serious vulnerabilities in > RPC services. Most of the CERT activity summaries in the past year > state that those vulnerabilities were being extensively exploited. > The SANS GIAC reports indicate that attackers regularly attempt to > access RPC services. My reasoning here is that it is often recommended that someone restrict ports 137-139 TCP and UDP for NT, and that there were a couple of commonly exploited holes in IIS in the last year. If we're going to go into specific actions to protect against common exploits exposed by the various vendors, we could probably come up with a very long list. (<joke> didn't we just go over 500 in the list? <g>) I agree with you that RPC has historically been and remains a popular way of compromising many UNIX machines, but I'd advise against getting into vendor specifics in this particular document. I also know that it is currently a popular way to gain access used to install some of the DDoS tools, but again, this could change very, very rapidly. For one thing, most of the DDoS tools do not currently run on NT, but I've personally ported a lot of UNIX code to NT, and I don't think there are any technical reasons that DDoS tools cannot run on NT. Not that I plan on porting any of the attack tools... I'm also not sure it is fair to single out any one vendor in a document of this type, and this could be just the problem of the day. My $0.02, and I don't feel strongly enough about it to argue further - I think reasonable people could easily come to different conclusions on this point.
- Prev by Date: Re: Your counsel on defeating DDOS Attacks - CLARIFICATION
- Next by Date: Re: Your counsel on defeating DDOS Attacks
- Prev by thread: Re: Your counsel on defeating DDOS Attacks
- Next by thread: Re: Your counsel on defeating DDOS Attacks
- Index(es):
