[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports

To: "Frank Knobbe" <frank@knobbe.us>, <Full-Disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports
From: "Lan Guy" <rlanguy@hotmail.com>
Date: Tue, 11 Nov 2003 11:36:34 +0200

Have not tried to exploit it, 

But MS have fixed in IIS 6 (Win2003 Server) at least the port is only open to 
localhost.

So  I would argue they have learnt, but they haven't fixed it!  
  ----- Original Message ----- 
  From: Frank Knobbe 
  To: Jean-Baptiste Marchand 
  Cc: full-disclosure@lists.netsys.com 
  Sent: Tuesday, November 11, 2003 1:51 AM
  Subject: Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports

  If that port is used INTERNALLY, shouldn't it be listening INTERNALLY,
  as in LOCALHOST? When will MS ever learn... 

  (And the first one who replies with "Microsoft is adding host based
  firewalls to 'fix' this architectural oversight" is gonna get added to a
  filter list... :)

References:
- [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports
  - From: "thalm" <thalm@netcabo.pt>
- Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports
  - From: Jean-Baptiste Marchand <jbm@hsc.fr>
- Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports
  - From: Frank Knobbe <frank@knobbe.us>

Prev by Date: Re: [Full-Disclosure] Feeding Stray Cats
Next by Date: [Full-Disclosure] [Full-Disclosure]: Attempt to steal paypal password
Previous by thread: Re: [Full-Disclosure] IIS 5.0 random/fixed TCP/UDP ports
Next by thread: [Full-Disclosure] [RHSA-2003:323-01] Updated Ethereal packages fix security issues
Index(es):
- Date
- Thread