DNS client, DHCP client, DLL preloading attacks?

Discussion in 'other security issues & news' started by exus69, Sep 23, 2011.

Thread Status:
Not open for further replies.
  1. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hello everyone,

    This question came up after coming across this link:
    http://rationallyparanoid.com/articles/consistently-vulnerable-systems.html

    What can be done to mitigate the problem in bold? The above paragraph shows that updating Windows will solve the problem.
    But what about defending against 0-day exploits against those in bold?
    Is EMET, Sandboxie, NIS 2011, FF (NoScript + Adblock Plus), LUA, SRP enough, or do I need to add something more to it?

    Please help
     
    Last edited: Sep 23, 2011
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    For the second sentence: anti-executable software that includes DLL control.
     
  3. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Can I use SRP instead of Anti Executable? And what about
    protection against 0-day attacks against DNS Client, DHCP Client,
    NTP Client and Software Update Service?
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,515
    Change enforcement to all software files, or add .dll to designated file types for SRP. An exploit should not be successful within Sandboxie. NIS should detect many of them via signatures. Lastly, there's LUA to limit it.
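
The two SRP settings named in post #4 can be read back from the registry to confirm what a host actually enforces. The script below is an added example, not code from the thread; it assumes the policy is stored under the local machine `CodeIdentifiers` key, and the function names `Test-SrpDllCoverage` and `Resolve-Name` are hypothetical.

```powershell
# Added example: audit the SRP settings named in post #4 (not code from the thread).
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$EnforcementNames = @{ 0 = 'no enforcement'
                       1 = 'all software files except libraries (DLLs)'
                       2 = 'all software files' }
$LevelNames = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }

# Map a DWORD to its display name; a missing value means the setting is not configured.
function Resolve-Name([hashtable]$Map, $Value) {
    if ($null -ne $Value -and $Map.ContainsKey([int]$Value)) { $Map[[int]$Value] }
    else { 'not configured' }
}

function Test-SrpDllCoverage {
    param([hashtable]$Policy)   # value name -> data, as stored under $SrpKey
    # Designated file types are stored without the leading dot; normalise anyway.
    $types = @($Policy.ExecutableTypes | ForEach-Object { "$_".TrimStart('.').ToUpper() })
    [pscustomobject]@{
        Enforcement          = Resolve-Name $EnforcementNames $Policy.TransparentEnabled
        DefaultLevel         = Resolve-Name $LevelNames $Policy.DefaultLevel
        DllLoadsChecked      = ($Policy.TransparentEnabled -eq 2)
        DllInDesignatedTypes = ($types -contains 'DLL')
        AdminsExempt         = ($Policy.PolicyScope -eq 1)
    }
}

# Constructed sample: default-deny policy that still skips DLLs and exempts admins.
$sample = @{ TransparentEnabled = 1; DefaultLevel = 0; PolicyScope = 1
             ExecutableTypes = 'EXE', 'BAT', 'CMD', 'MSI' }
Test-SrpDllCoverage -Policy $sample

# Live machine policy, if one is configured on this host.
$props = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
if ($props) {
    $live = @{}
    foreach ($name in 'TransparentEnabled', 'DefaultLevel', 'PolicyScope', 'ExecutableTypes') {
        $live[$name] = $props.$name
    }
    Test-SrpDllCoverage -Policy $live
} else {
    Write-Output "No SRP policy found under $SrpKey"
}
```

For the constructed sample, `DllLoadsChecked` and `DllInDesignatedTypes` are both `False` and `AdminsExempt` is `True`, which is the state the two changes in post #4 are meant to move away from.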
     
  5. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hi J_L, we posted almost at the same time. What about the 2nd question in post #3?
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    When I mentioned "anti-executable software" I meant SRP, AppLocker, etc. :).
     
  7. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    OK, thanks MrBrian. And what about the 2nd question in post #3?
     
  8. wat0114

    wat0114 Guest

    Maybe disable the DNS Client service and DHCP, use a static IP address instead, and if using an application control firewall, you would assign the DNS rule to all your web-facing apps instead. You probably don't need to do this, however, if you enforce strict SRP, AppLocker or other types of anti-executable rules. Remember, if it can't execute, it can't harm.
     