Re: Windows File Sharing: Facing The Mystery

Forums » Up and Running » Security » Security » Windows File Sharing: Facing The Mystery


Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

turning off Windows FW when running ZAP »
« This one is starting to wear me out.....

ghost16825
Use security metrics
Premium
join:2003-08-26

Re: Windows File Sharing: Facing The Mystery

Great article. But just one point I'd like to make which I didn't see. Sure, Steve Gibson sensationalises things and has little in the way of helpful factual information. But the main reason why these services are dangerous, is usually not for their file enumeration ability nor their file sharing capabilities. It's the fact that they are (often by default) a running service with open ports as a consequence - which by itself implies that they will inevitably be vulnerable to buffer overflows from certain created input. Plus the fact that these services are difficult to "turn off" completely on Windows machines. And this goes for almost any service with remote functionality, including those on UNIX machines. (Unix has had its share of RPC security issues). Most security issues arise not because of the functionality or abuse of the functionality itself, but from input bounds-checking issues which allow buffer overflows and consequently malware to be executed remotely.
--
Admin of the Kerio 2x-like open source project:
http://sourceforge.net/projects/kerio/
http://kerio.sourceforge.net/

permalink · 2005-04-07 06:32:24 · Print ·

Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs:

Re: Windows File Sharing: Facing The Mystery

said by ghost16825

:

Great article. But just one point I'd like to make which I didn't see. Sure, Steve Gibson sensationalises things and has little in the way of helpful factual information. But the main reason why these services are dangerous, is usually not for their file enumeration ability nor their file sharing capabilities. It's the fact that they are (often by default) a running service with open ports as a consequence - which by itself implies that they will inevitably be vulnerable to buffer overflows from certain created input.

Definitely. The focus here, however, was to say on the networking side of things with a slant towards security. In other words, I wanted to discuss the file sharing technologies themselves and not go into the much larger subject of securing a Windows machine in a more general sense.

I was going to go down that path, but it would have become much more than a couple hours woth of article in a hurry. I wrote most of this while watching some little Panda movie on T.V. with my girlfriend. That wouldn't be possible if I had expanded the scope any. Thanks for the comments though; I see what you mean.
--
dmiessler.com - grep understanding knowledge

permalink · 2005-04-07 12:00:13 · Print ·

your comment..

Forums » Up and Running » Security » Security	turning off Windows FW when running ZAP » « This one is starting to wear me out.....


Friday, 04-Dec 10:29:18	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF