[NTLUG:Discuss] A Vulnerability question
Wes Mills
wesmills at microsoft.com
Mon Oct 8 09:24:18 CDT 2001
Answers inline, hope they help ..
Wes
-----Original Message-----
From: Dennis Myhand [mailto:dmyhand at cox-internet.com]
Sent: Monday, October 08, 2001 7:14 AM
To: discuss at ntlug.org
Subject: [NTLUG:Discuss] A Vulnerability question
Okay, I realize this may be a very simplistic sounding question, BUT...
Whenever there is a vulnerability announced, such as for BIND, or
another such program (Like everything on my wife's Winderz machine), am
I vulnerable if I,
1.) Am not running that program, like not even configured but on my
system?,
>> If you are not running the program at all, you are not vulnerable,
since the exploit takes advantage of a weakness in that particular bit
of code.
2.) Am running a firewall and not running that program, same situation
as 1?,
>> Same as #1, regardless of firewalling. You'll see why in #3.
3.) Or am simply running a firewall with that program running?
>> Unless you are filtering the program's inbound/outbound connections
to the rest of the world, and are filtering for the exploit, you will
likely be vulnerable. Reason why is all your firewall can do is say
"Hmm, connection on udp/53, should I allow it? Yup, access tables say
it's OK, pass all data through." The exploit is sending data to that
program that causes that program to have fits, not your firewall.
TNX, Dennis in Victoria
---
Wes Mills
Microsoft Texas Enterprise Messaging Support
+1 469 775-8959 - 9AM-6PM Central
wesmills at microsoft.com
**Disclaimer: This is a personal message and is not official tech
support.
These opinions and statements are my own, not those of my employer.**
More information about the Discuss
mailing list