RE: New Poll on MSExchange.org

  • From: "Mike Dufoe" <dufoem@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 20 Aug 2003 14:17:28 -0400

No, they weren't affected...Unix boxes. 
 
RPC in the Win32 world works differently than RPC in the UNIX world. On
the windows side of the house, RPC communicates through port 135 (which
the virus targetted).
 
 In UNIX, RPC is used through a helper service called Portmap, which
runs on TCP port 111. But Portmap only tells the requesting host which
TCP port the actual RPC service is bound to. This is because a majority
of RPC services are bound to a dynamic port on startup.
 
 On top of that, the Win32 exploit wouldn't have worked because UNIX
can't natively run Win32 code (which the virus was using as a payload).
Plus, the method it was exploiting the windows machines wouldn't have
worked if it talked to a UNIX RPC service anyways, because the
particular overflow wouldn't have been present in the program.
 
Mike
 
 
-----Original Message-----
From: Frederic Giroux [mailto:fgiroux@xxxxxxxxxxxxxx] 
Sent: Wednesday, August 20, 2003 10:01 AM
To: [ExchangeList]
Subject: [exchangelist] RE: New Poll on MSExchange.org
 
http://www.MSExchange.org/
Mike Dufoe said... 
2000 but after this last outbreak from MS (RPC), my CEO's want me to
find another product as they say they can't have down time like this and
why should we pay thousands of $$$ for this ????
 
 
 
I am sorry to disagree with your CEO. I do have some empathy for lay
people that are affected by Blaster and others of the sort since they do
not have the training (or they simply don't care) to realize the
importance of upgrading and maintaining systems up-to-date.  However, I
have much less empathy for SysAdmins that are suppose to know what they
are doing.
 
The RPC bug is only another problem in a long list of problems that
affect ANY OS. Linux, UNIX and others do have problems and sometimes
those problems remain unfixed for a long time of the SysAdmin do not
upgrade their systems (recall the BIND bug).
 
I am not a MS fan per say. I respect every OS the way it has to be
respected.  After years of development, Windows is finally (with 2000) a
stable platform that deserves to be in the major leagues.  What makes
the differences between Windows and other OSes is that Windows is more
"democratic" so lots of "wannabe" SysAdmin try it thinking they can
easily manage it. This is lack of respect and they eventually have to
pay for it.
 
My point is that if you maintain your system up-to-date, manage the
firewall properly and do administrative tasks (such as checking your
antivirus), you will be able to avoid problems such as the ones caused
by Blaster. Of course, all systems have flaws that an intruder can get
through (if it can be found).
 
In conclusion, my point is that it is easy to blame Windows and/or
Microsoft. Before doing that, start thinking about what YOU could have
done to prevent problems and, most of the time, you will realize that
you made a mistake along the road.
 
If you switch product, you will realize that they also have their flaws.
 
Frederic Giroux
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
dufoem@xxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: