[4101] in WWW Security List Archive
Re: Status on NT4 bug, and how I found it.....
daemon@ATHENA.MIT.EDU (bracha@eye-on.co.il)
Sun Jan 26 14:54:42 1997
From: bracha@eye-on.co.il
Date: Sun, 26 Jan 1997 20:03:39 +0200
To: "Jason T. Luttgens" <luttgenj@kic.or.jp>
CC: "firewalls@greatcircle.com" <firewalls@GreatCircle.COM>,
"'BUGTRAQ@NETSPACE.ORG'" <BUGTRAQ@NETSPACE.ORG>,
"'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Jason T. Luttgens wrote:
>
> I have submitted a bug report to MS hours ago and am waiting to hear back from them.
> I have no MS contacts, so I can't expedite the process. CERT has been notified by myself.
> The temporary fix, as you all may or may not have seen, is to block port 135, either on the
> router, or in NT itself. As soon as I hear from Microsoft or CERT, I will post a more detailed
> message.
> I am not an NT guru, I was just starting a security eval last week on NT. I ran a portscanner
> and wrote down all open ports. I then proceeded to telnet to each of them and ... experiment.
> I did not notice any problem immediately after telnetting into port 135, typing the characters,
> and disconnecting. It was only after the phone was ringing off the hook because our class B
> network's DHCP server (the only NT box we have) was no longer leasing IP addresses.
> Another individual in my shop proceeded to find out what was up, and upon running the perf
> monitor, found the CPU pegged at 100%. Well, we saw the process rpcss.exe taking up all the
> processor time, and we didn't know what it was. We tried to kill it, but couldn't. We let it sit for
> an hour, thinking maybe it will clear out. Nope. Rebooting was all we could do to fix it. (I did not
> know about the debug function that you can use to kill it, and also someone reports that the
> unix port of kill for NT will kill it). Now, we have no other NT machines, and nobody I know
> does. That's what led me to posting it on Bugtraq and WWWsecurity....
> I have gotten LOADS of responses about this. I want to thank everyone for their inputs
> and views. Even though I really don't like NT, I still don't want the security of sites on the
> Net to be jeopardized. You never know what might happen......
>
> Jason
Take me off this dumb list!!!!!Take me off this dumb list!!!!!Take me
off this dumb list!!!!!Take me off this dumb list!!!!!Take me off this
dumb list!!!!!Take me off this dumb list!!!!!Take me off this dumb
list!!!!!