Jump to content
Do Not Sell My Personal Information

Steve Ratcliffe

Registered Member
  • Posts

  • Joined

  • Last visited

Everything posted by Steve Ratcliffe

  1. I'm up for that and can convoy from leicester!
  2. Thanks guys its good to be back! Steve. :D
  3. Right folks, I have the following kit that I was reserving for future projects, changed my mind, sticking with the stock kit in the Lexus (it's good enough): JL Audio 12W6V2 12" Subwoofer house in 1" thick MDF box, fully carpeted in acoustic carpet, terminal plate, ready to drop into most cars as small enclosure size. Dual voice coils. Run in nicely, this packs the same punch that 3 x 12" normally would but at 10 times the quality. Not been abused - includes Phoenix Gold Pro-Dual Connector and 4 Meters Phoenix Gold High Grade S?ub Cable £380 (£580 New 6 Months Ago). JL Audio XR650 Mid Bass Drivers (6.5") Brand New Never even got round to installing these. £200 (£250 New 1 Month ago - never even installed!!) JL Audio XR 525CSI 5" Coaxial Speaker System with XR Series Crossovers. 1 Year old, run in nicely, No abuse. £150 (£280 New). JL Audio 300/4 Top of the range 4 channel power amplifier. This is boxed and packaged as new, 1 month old, never even powered up, possibly one of the very few best 4 channel amplifiers money can buy! £540 (£590 New 1 Month ago, never used) Rockford Fosgate BD500e Mono Bass Amplifier. Fantastic Class D Sub Amp with remote punch bass control. 10 Months Old, very nice amplifier. £180 (£300 New) Alpine CDA-9815RB Head Unit - Used for approx 2 Months. Top Spec, 60W per channel, CD, AiNet Control, RDS Radio, Dual Line Display, 3 5v Pre-Outs. £260 (£320 New) Alpine MP3 Changer Ai-Net 6 Disk £100 (£175 New) Pheonix Gold Pro Line Driver, this unit boosts RCA output from the headunit to around 8v - use this on your front channels for outstanding mid-bass from your front speaker setup. £60 (£100 New) Phoenix Gold Power Distribution system comprising of: 5m length red 4 gauge power cable, 2m length of red 4 gauge power cable, 3 x 1m length of black 4 gauge power cable, 1 x 4 way fused distribution block, 1 x 4 way negative distribution block, 1 x 100Amp circuit braker. Various cables have lugs crimped and soldered, also a selection of unused gold terminals - all genuine PG expensive kit! Includes selection of accessory wire, relays, fueses, fuse holders etc etc £120 (Approx £300 Worth) Pheonix Gold 1Farad 25v Power Capacitor £90 (£170 New) RCA Cables - 3 x 5m Pheonix Gold Twinshield True Balanced Directional Cables. £60 (£90 New) There will be more on this list just as soon as I work through all the kit I have. All this equipment for sale is in as-new condition, I look after all of my equipment and do not do cheap bodge job installations. Some of this kit is new and never used - items i have stated. I have boxes for 90% of this and can provide proof of purchase for everything. Cheers, Steve.
  4. Hi All, After an interesting few months in Canada I have decided to return to the UK to my family and friends, and of course TOC - and more appropriatly now LOC! I will post some photos from my trip and a few good stories I've got shortly. Since my return to the UK last weekend I have visited the nice gentlemen at Lexus in Leicester and aquired myself an 03 plate IS200 Sport in Platinum ICE Metalic with the 18" Rims, Styling Kit, DVD Sat Nav and a few other goodies thrown in. Looking forward to meeting all you guys again at the next joint LOC/TOC meet. Cheers, Steve.
  5. Hi all, The speakers are gone but the reat is still for sale! I also have a set of four interior Neon tubes, good quality ones by Autoleads - £10 a peice (£25 new). Cheers, Steve.
  6. No still trying to attract a quick sale with it as running out of time.
  7. Pre-Face Lift Model, 19000 Miles, All the usual plus TTE Sports Suspension, Satelite Navigation System, Protection Pack & Supaguard. £8800 ONO Must sell by the end of next week. Cheers, Steve.
  8. JL Audio 5.25" Co axial Speaker System with Yaris Custom Build Door Mounts, Crossovers, Box etc etc. £150.00 (£300 New). Clifford Concept 300 Cat 1 Alarm System, All looms and accessories included, such as valet code switch, status LED, bonnet switch, long range antenna, dual zone proximity sensor with zoned size adjustment control panel (this was £150 optional extra), glass tampor sensor, remotes and self powered smart siren unit. £175.00 (£480.00 New). Clifford Smart Windows 4, will add onto most clifford concept alarm systems, allows you to control vehicles power windows from the remote control, also closes the windows when the alarm is set, and alows you to vent them slightly after alarming. Includes looms. £80.00. Clifford IntelliStart 4, will add onto most concept alarm systems, allows you to start the engine and accessory circuits from your remote, also feature include holiday mode whwere engine starts itself when battery runs low or weather very cold over night. All looms included. £120.00 Cheers, Steve.
  9. Yes beer and grub is always a result! Whats this Vectra all about - I was more impressed with the idiot in the Astra estate that managed to get cleaned up joining the motorway just in front of us! Steve.
  10. night time cruise? - come to swansea - thats where i am that weekend!
  11. You have it wired wrongly then - there should be a four pin plug on the end of a long loom that goes to your rear speakers - then you should have a converter lead that enables you to double up the two front sets of speakers, and put the rears on their own. Once connected correctly the fader should fade between front (dash and doors) and rear. Steve.
  12. The Rockford bd500 is renowned for shorting against it's own heatsink! Listen to the amp it's self, is it making a high pitched whistling sound whenever powered up? Check your solder joints also - if you've got dry connections the resistance will be massive and could cause problems. Cheers, Steve.
  13. 1. with this setup will my paseo pump Depends what you mean by pump, JL speakers are all good, although the 10W3 is renowned for SPL performance over audio quality, it's still only 10" surface area, so if your looking for earth shattering deep thunderous bass - get two more! 2. how much db yous reckon ill be getting Nothing special - sorry. 3. will this be loud enough Depends what you want - again it will only perform really well if its doing what it does best, 10" woofers do fast moving beat lines very well, but don't drop as low as 12 or 15's. 300w RMS is a fair power output, and with the JL / amp you will have no problems driving it. 4. will it be bassy Again, its good as far as 10" woofers go. 5. what specs should i do for the box WxHxTopxBottom = 376x353x154x260 Cheers, Steve.
  14. Take your villen lock off the steering wheel.....
  15. I have to disagree on the doors.... Take the door cards off, drille the three rivets that hold the standard builds into the door - take these out and save the complete units. You are left with a hole in the door and three mounting holes. make mdf spacer and bolt it to the holes in the door, then mount your speaker in the mdf spacer. Getting the wires through the door grommets - un fasten the door grommet at each end - streighted out a coat hanger and feed it through, tape your wires to the end and pull them back through. Just make sure you get them the rtight side of the glass supports. I got two big speaker cables and 6 lengths of electrical cable through each side so there's plenty of room. When your mounting the speakers, keep trying the windows and make sure they dont catch - depth to the glass is the main problem! Good luck mate! I've had 5" JL's in the doors, and 6" MB Quarts so good setup is achivable - one thing i will say while you have your door cards off is use a good couple of rolls dynamat on each door, a load of foam seal on the bits that rattle and your doors will be a lot quieter, and wont rattle and have that problem where people move the window up and down to stop the rattle. Cheers Steve.
  16. You can do it - I had to pick up and RPM pulse from the enginer for my IntelliStart - I will have a look and see what wiring I used. Cheers. Steve.
  17. Clifford do all of these things :D lt me know what sort of thing you want and what cash you have ot spend and i will spec it up for you. Cheers, Steve.
  18. Private plate for the car me thinks..... Want my inicials in it, which are SJR. Car is yaris TSport, so i though the following ideas.... T50 SJR - make the 5 look a little like an S as in TS ...port - then maybe seperate the 0 so it looks like.... T5 0 SJR. Thaughts and suggestions anyone?
  19. My ICE Insurance is coming up for renewal - anyone got any suggestions? Cheers, Steve.
  20. If you chip the car first with the factory intake and exhaust in place, you wont get your 20bhp increase, you will find that the 20bhp increase is quoted based on the target car having a optimum "free flowing" exhaust and intake setup. If you have the factory stuff these are limiting the engines performance, so other mods will not be so effective. My view anyway. Cheers, Steve.
  21. No mate he was having a joke with you - I'm guessing you are American - hence taking offence at his comment due to your complete lack of understanding for humour, sarcasm in perticular. It's a very good forum in answer to your question, just no-one has had time to reply just yet - which doesnt surprise me as we have been very quiet since late last week. Cheers, Steve.
  22. Easiest way to get rid of this as follows: Download from Symantec website their removal tool, this removes the registry entries, the files, processes etc etc. Then install either SP4 for windows 2000 or SP1 for Windows XP. You will then need to install the Microsoft MS03-026 RPC Vulnerablity Security Patch. This will stop the worm infecting your systems again. Then update your virus definitions. Ryan - you can just block ports 69, 135 and 4444 and this will stop the worm traffic. This security hole was first found in June and the MS03-026 patch has been around since early July, the report at the bottom of this mail first published on 16th July, so no blame can be laid on microsoft really, this worm exploits the fact that people don't keep their systems up to date. Having said that, I did a bit of reverse engineering on the msblast executable and there are comments in the code at the bottom that say somthing like - "Bill, stop making too much money and sort your F**king software out".... lol The security hole effects Windows NT4, 2000, XP and Server 2003 - check out the Microsoft Report on MS03-026 after this virus report. Full Virus Report: Virus Information Name: W32/Lovsan.worm Risk Assessment - Home Users: Medium-On-Watch - Corporate Users: Medium-On-Watch Date Discovered: 8/11/2003 Date Added: 8/11/2003 Origin: Unknown Length: 6,176 bytes Type: Virus SubType: Internet Worm DAT Required: 4284 Virus Characteristics This threat was proactively detected as a variant of Exploit-DcomRpc with the 4283 DAT files and 4.1.60+ scan engine. This detection requires the scanning of compressed executables to be enabled (VirusScan 7 provides the ability to disable this option, however it is enabled by default). This threat exploits the MS03-026 vulnerability. The purpose of the virus is to spread to as many machines as possible. By exploiting an unplugged hole in Windows, the virus is able to execute without requiring any action on the part of the user. The worm also creates a remote access point, allowing an attacker to run system commands at their choosing. When run, it scans a random IP range to look for vulnerable systems on TCP port 135. The worm attempts to exploit the DCOM RPC vulnerability on the found systems to create a remote shell on TCP port 4444. It then instructs the system to download the worm to the %WinDir%\system32 directory and execute it. (The target system is issued a TFTP command to downloads the worm from the infected host system [TFTP UDP port 69]. Once run, the worm creates the registry key (may be either of the following): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! bill This will appear in regedit as: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run "windows auto update" = msblast.exe Indications of Infection - Presence of unusual TFTP* files - Presence of the file msblast.exe in the WINDOWS SYSTEM32 directory - Error messages about the RPC service failing (causes system to reboot) - The worm randomly opens 20 sequential TCP ports for listening. This is a constantly revolving range (ie. 2500-2520, 2501-2521, 2502-2522). The purpose of this action is unknown Method of Infection This worm spreads by exploiting a recent vulnerability in Microsoft Windows. The worm scans random ranges of IP addresses on port 135. Discovered systems are targeted. Exploit code is sent to those systems, instructing them to download and execute the file MSBLAST.EXE from a remote system via TFTP. The worm contains a payload to initiate a Denial of Service attack against windowsupdate.com. Computers that have up-to-date antivirus software will detect the worm executable upon download. However, unless the system has been (MS03-026) patched, it is susceptible to the buffer overflow attack. This means that the remote shell will still get created on TCP port 4444, and the system may unexpectedly crash due upon receiving malformed exploit code. Removal Instructions All Users: Use the 4284 DAT files for detection an removal. The 4283 DAT files will detect this threat as a variant of Exploit-DcomRpc. Infected systems must be patched prior to removal of the virus (see below). Alternatively, the following EXTRA.DAT packages are available. EXTRA.DAT SUPER EXTRA.DAT Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher). Microsoft Patches It is imperative that infected systems are patched prior to disinfecting a system. Some systems may be in a “crash loop” where each time the system is restarted, SVCHOST.EXE crashes and the user has 60 seconds before the system restarts. This action can continue to happen even after the virus is removed if the patch is not applied. Ensure that your system is not at risk from this exploited vulnerability: Apply the MS03-026 patch to all vulnerable systems. Stand alone remover Stinger has been updated to include detection/removal of this threat. Sniffer Customers: Download a Sniffer filter to detect W32/Lovsan.worm traffic (Sniffer Distributed 4.3 and Sniffer Portable 4.7.5). Manual Removal Instructions To remove this virus "by hand", follow these steps: Apply the MS03-026 patch Terminate the process msblast.exe Delete the msblast.exe file from your WINDOWS SYSTEM32 directory (typically c:\windows\system32 or c:\winnt\system32) Edit the registry Delete the "windows auto update" value from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Additional Windows ME/XP removal considerations Aliases msblast.exe, tftp, W32.Blaster.Worm (Symantec), Win32.Poza (CA), WORM_MSBLAST.A (Trend) Microsoft Report on MS03-026 Security Vulnerability in RPC Service Buffer Overrun In RPC Interface Could Allow Code Execution (823980) Originally posted: July 16, 2003 Revised: August 12, 2003 Summary Who should read this bulletin: Users running Microsoft ® Windows ® Impact of vulnerability: Run code of attacker’s choice Maximum Severity Rating: Critical Recommendation: Systems administrators should apply the patch immediately End User Bulletin: An end user version of this bulletin is available at: http://www.microsoft.com/security/security...ns/ms03-026.asp. Affected Software: Microsoft Windows NT® 4.0 Microsoft Windows NT 4.0 Terminal Services Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server™ 2003 Not Affected Software: Microsoft Windows Millennium Edition Technical details Technical description: Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the “mitigating factors” and “workarounds” discussions in the original security bulletin did not clearly identify all of the ports by which the vulnerability could potentially be exploited. We have updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked, and to ensure that customers who have chosen to implement a workaround before installing the patch have the information that they need to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability, and need take no further action. In addition, the bulletin has also been updated to include information about Windows 2000 Service Pack 2 support for this patch. Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions. There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges. To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on specific RPC ports. Mitigating factors: To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135, 139, 445 or 593 or any other specifically configured RPC port on the remote machine. For intranet environments, these ports would normally be accessible, but for Internet connected machines, these would normally be blocked by a firewall. In the case where these ports are not blocked, or in an intranet configuration, the attacker would not require any additional privileges. Best practices recommend blocking all TCP/IP ports that are not actually being used, and most firewalls including the Windows Internet Connection Firewall (ICF) block those ports by default. For this reason, most machines attached to the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is not intended to be used in hostile environments such as the Internet. More robust protocols such as RPC over HTTP are provided for hostile environments. To learn more about securing RPC for client and server please refer to http://msdn.microsoft.com/library/default....t_or_server.asp. To learn more about the ports used by RPC, please refer to: http://www.microsoft.com/technet/prodtechn...rt4/tcpappc.asp Severity Rating: Windows NT 4.0 Critical Windows NT 4.0 Terminal Server Edition Critical Windows 2000 Critical Windows XP Critical Windows Server 2003 Critical The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them. Vulnerability identifier: CAN-2003-0352 Tested Versions: Microsoft tested Windows Me, Windows NT 4.0, Windows NT 4.0 Terminal Services Edition, Windows 2000, Windows XP and Windows Server 2003, to assess whether they are affected by this vulnerability. Previous versions are no longer supported, and may or may not be affected by this vulnerability. Frequently asked questions Why have you revised this bulletin? Subsequent to the release of this bulletin Microsoft has been made aware that additional ports involving RPC can be used to exploit this vulnerability. Information regarding these additional ports has been added to the mitigating factors and the Workaround section of the bulletin. If I have installed the patch provided with the original bulletin, am I still protected? Yes. There has been no update to the patch itself, and the patch will still correct the vulnerability. This additional information is being provided to those customers who may require a temporary workaround until they can apply the patch. Is the patch supported on Windows 2000 Service Pack 2? This security patch will install on Windows 2000 Service Pack 2. However, Microsoft no longer supports this version, according to the Microsoft Support Lifecycle policy found at http://support.microsoft.com/lifecycle. In addition, this security patch has only received minimal testing on Windows 2000 Service Pack 2. Customers are strongly advised to upgrade to a supported service pack as soon as possible. Microsoft Product Support Services will support customers who have installed this patch on Windows 2000 Service Pack 2 if a problem results from installation of the patch. What’s the scope of the vulnerability? This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could gain complete control over a remote computer. This would give the attacker the ability to take any action on the server that they want. For example, and attacker could change Web pages, reformat the hard disk, or add new users to the local administrators group. To carry out such an attack, an attacker would require the ability to send a malformed message to the RPC service and thereby cause the target machine to fail in such a way that arbitrary code could be executed. What causes the vulnerability? The vulnerability results because the Windows RPC service does not properly check message inputs under certain circumstances. This particular failure affects an underlying Distributed Component Object Model (DCOM) interface, which listens on RPC enabled ports. By sending a malformed RPC message, an attacker could cause the RPC service on a machine to fail in such a way that arbitrary code could be executed. interface with RPC on the remote machine to fail in such a way that arbitrary code could be executed. What is DCOM? The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network. Previously called "Network OLE," DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP. More information about DCOM can be found at the following website: http://www.microsoft.com/com/tech/dcom.asp What is RPC (Remote Procedure Call)? Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. In RPC, the requesting program is the client and the service-providing program is the server. What is COM Internet Services (CIS) and RPC over HTTP? Component Object Model (COM) Internet Services (CIS) introduced support for the Distributed COM (DCOM) transport protocol known as Tunneling Transmission Control Protocol (TCP) that allows DCOM to operate over TCP port 80. CIS and it’s follow-on, RPC over HTTP, allows a client and a server to communicate in the presence of most proxy servers and firewalls, thereby enabling COM-based Internet scenarios. How do I know if I have CIS installed? The best way to determine if you have CIS or RPC over HTTP installed on the computer is to search your computer for the file rpcproxy.dll. If the file is found, then CIS is installed on the computer. To search for a specific file on your computer: Start--> Run-->Search--> For Files or Folders… and enter the name of the file your are looking for. It may take a few minutes for the search to run, depending on the size of your hard drive. What's wrong with Microsoft’s implementation of Remote Procedure Call (RPC)? There is a flaw in a part of RPC that deals with message exchange over TCP/IP. A failure results because of incorrect handling of malformed messages. This particular failure affects an underlying DCOM interface, which listens on TCP/IP port 135, and can be reached via ports 139, 445 and 593. By sending a malformed RPC message, an attacker could cause the RPC service on a machine to fail in such a way that arbitrary code could be executed. Is this a flaw in the RPC Endpoint Mapper? No - The flaw actually occurs in a low level DCOM interface within the RPC process. The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. An endpoint is a protocol port or named pipe on which the server application listens to for client remote procedure calls. Client/server applications can use either well-known or dynamic ports. Security Bulletin MS03-010 also involved RPC yet you could not fix that vulnerability on Windows NT 4.0. How were you able to fix this vulnerability on Windows NT 4.0? The flaw in this case lies in an underlying DCOM interface to RPC, and not the overall RPC implementation or the RPC Endpoint Mapper itself. As a result, it was possible to address this vulnerability in Windows NT 4.0 without needing to rearchitect significant portions of the Windows NT 4.0 operating system, as would have been required by a Windows NT 4.0 patch for security bulletin MS03-010. What could this vulnerability enable an attacker to do? An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges. How could an attacker exploit this vulnerability? An attacker could seek to exploit this vulnerability by programming a machine that could communicate with a vulnerable server over RPC to send a specific kind of malformed RPC message. Receipt of such a message could cause the RPC service on the vulnerable machine to fail in such a way that it could execute arbitrary code. Who could exploit the vulnerability? Any user who could deliver a TCP request to an RPC interface to an affected computer could attempt to exploit the vulnerability. Because RPC requests are on by default in all versions of Windows, this in essence means that any user who could establish a connection with an affected computer could attempt to exploit the vulnerability. It could also be possible to access the affected component through another vector, such as one that would involve logging onto the system interactively or by using another application similar that passed parameters to the vulnerable component either locally or remotely. What does the patch do? The patch corrects the vulnerability by altering the DCOM interface to properly check the information passed to it. Workarounds: Are there any workarounds that can be used to help block exploitation of this vulnerability while I am testing or evaluating the patch? Yes. Although Microsoft urges all customers to apply the patch at the earliest possible opportunity, there are a number of workarounds that can be applied to help prevent the vector used to exploit this vulnerability in the interim. There is no guarantee that the workarounds will block all possible attack vectors. It should be noted that these workarounds should be considered temporary measures as they just help block paths of attack rather than correcting the underlying vulnerability. Block UDP ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593 at your firewall and disable COM Internet Services (CIS) and RPC over HTTP, which listen on ports 80 and 443, on the affected machines. These ports are used to initiate an RPC connection with a remote computer. Blocking them at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit these vulnerabilities. You should also be sure and block any other specifically configured RPC port on the remote machine. If enabled, CIS and RPC over HTTP allow DCOM calls to operate over TCP ports 80 (and 443 on XP and Windows Server 2003). Make sure that CIS and RPC over HTTP are disabled on all the affected machines. More information on how to disable CIS can be found in Microsoft Knowledge Base Article 825819. For information regarding RPC over HTTP, see http://msdn.microsoft.com/library/default....tp_security.asp. Use Internet Connection Firewall (only available on XP and Windows Server 2003) and disable COM Internet Services (CIS)and RPC over HTTP, which listen on ports 80 and 443, on the affected machines. If you are using the Internet Connection Firewall in Windows XP or Windows Server 2003 to protect your Internet connection, it will by default block inbound RPC traffic from the Internet. Make sure that CIS and RPC over HTTP are disabled on all affected machines. More information on how to disable CIS can be found in Microsoft Knowledge Base Article 825819. For information regarding RPC over HTTP, see http://msdn.microsoft.com/library/default....tp_security.asp. Block the affected ports using an IPSEC filter and disable COM Internet Services (CIS) and RPC over HTTP, which listen on ports 80 and 443, on the affected machines. You can secure network communications on Windows 2000-based computers if you use Internet Protocol Security (IPSec). Detailed information on IPSec and how to apply filters can be found in Microsoft Knowledge Base Article 313190 and 813878. Make sure that CIS and RPC over HTTP are disabled on all affected machines. More information on how to disable CIS can be found in Microsoft Knowledge Base Article 825819. For information regarding RPC over HTTP, see http://msdn.microsoft.com/library/default....tp_security.asp. Disable DCOM on all affected machines When a computer is part of a network, the DCOM wire protocol enables COM objects on that computer to communicate with COM objects on other computers. You can disable DCOM for a particular computer to help protect against this vulnerability, but doing so will disable all communication between objects on that computer and objects on other computers. If you disable DCOM on a remote computer, you will not be able to remotely access that computer afterwards to re-enable DCOM. To re-enable DCOM, you will need physical access to that computer. Information on how to disable DCOM is available in Microsoft Knowledge Base Article 825750. Note: For Windows 2000, the methods described above to disable DCOM will only work on systems running Service Pack 3 or later. Customers using Service Pack 2 or below should upgrade to a later Service Pack or use one of the other workarounds. Cheers - sorry about monster post... Steve.
  • Create New...