Thursday, November 13, 2008

MS08-068 - anti-smbrelay?

Ok, this is kind of a lame post because I'm gonna give you links to posts made by other people, but oh well, I felt like sharing what I'd found and I'm posting links and not reposting anything, so it should be fine :).

I was looking for information about how MS08-068 tried to prevent the smbrelay attack (or "SMB credentials reflection attack" as MS likes to call it) and the best post I found was this one from metasploit's blog:

http://blog.metasploit.com/2008/11/ms08-067-metasploit-and-smb-relay.html

I also find interesting the following posts:

http://blogs.technet.com/swi/archive/2008/11/11/smb-credential-reflection.aspx

http://blogs.technet.com/msrc/archive/2008/11/11/ms08-068-and-smbrelay.aspx

Anyways, I haven't verified any of the things said in these posts, so "trust, but verify".

1 comment:

Ron said...

For what it's worth, I did my own writeup of the flaw:
http://www.skullsecurity.org/blog/?p=110

Ron