McBurnett, Jim wrote:
I hate top posting, but I want to make sure to get this out of the way first.
I was not trying to defend Microsoft. I meant to point out,
JUST BECAUSE YOU ARE NOT USING MICROSOFT DOES NOT MEAN THAT YOU ARE SAFE!
Bugs happen. Vulnerabilities happen. Worms happen. This
On Wed, 13 Aug 2003, Len Rose wrote:
Hi.. just think if the billions of dollars being spent on M$
products could have been funneled into open source projects.
To reinforce the point in the most blunt manner possible:
No one had ever better dare postulate that the inherent reason
for
On Thu, Aug 14, 2003 at 02:17:08PM +0100, [EMAIL PROTECTED] wrote:
On Thu, 14 Aug 2003, St. Clair, James wrote:
Cars did not become more popular because owners had to learn how to swap
more parts.
The good ole computers as cars metaphor. In the UK:
1) In order to drive a car,
On Wed, 13 Aug 2003, Iljitsch van Beijnum wrote:
It's not the same thing. RFC 1918 and martian addresses aren't supposed
to be present on the internet, but aren't automatically harmful. Having
services that are explicitly labeled for internal use be visible to the
rest of the world is
On Wed, 13 Aug 2003, Mans Nilsson wrote:
Even in an imperfect world, the solution lies in the edge, not even
the CPE, but the end node, if you want to do more than pathetic
bandaiding of the inherent problem of insecure applications on end
nodes.
This is the point, at least I, have been
John Markoff reports in the New York Times that Microsoft plans to change
how it ships Windows XP due to the worm. In the future Microsoft will
ship both business and consumer versions of Windows XP with the included
firewall enabled by default.
on 8/14/2003 9:29 AM Sean Donelan wrote:
John Markoff reports in the New York Times that Microsoft plans to change
how it ships Windows XP due to the worm. In the future Microsoft will
ship both business and consumer versions of Windows XP with the included
firewall enabled by default.
Apple have the right idea... I'd say all the vendors need to take a
carefully balanced approach to security in the default configurations of
their software. Leave services exposed to the network disabled by default,
where possible.
By all means, configure firewalls by default to block all
Jack Bates Wrote:
I have no affiliation with Microsoft, nor do I care about their services
or products. What I do care about is a worm that sends out packets
uncontrolled. If there is the possibility that this planned DOS will
cause issues with my topology, then I will do whatever it takes
At 10:46 AM 8/14/2003, Joshua Sahala wrote:
Sean Donelan [EMAIL PROTECTED] wrote:
John Markoff reports in the New York Times that Microsoft plans to change
how it ships Windows XP due to the worm. In the future Microsoft will
ship both business and consumer versions of Windows XP with the
However the new microsoft policy will help protect the network from Joe
and Jane average who buy a PC from the closest big box store and hook it
up to their cable modem so they can exchange pictures of the kids with the
grandparents in Fla. This is the class of users who botnet builders
On Wed, 13 Aug 2003, Stephen J. Wilcox wrote:
Or the dumb [wannabee] IT guy runs some telnet/ftp/filesharing service without
passwords and its ok for the whole world to access the private system coz its
his fault?
there are other actions to be taken... termination being high on that
list.
On Thu, 14 Aug 2003, Jack Bates wrote:
John Neiberger wrote:
Hmm...I didn't even know XP had a built-in firewall. Any bets on how
long it is before other companies with software firewall products bring
suit against Microsoft for bundling a firewall in the OS?
--
No clue, but I can
Hi.. just think if the billions of dollars being spent on M$
products could have been funneled into open source projects.
To reinforce the point in the most blunt manner possible:
No one had ever better dare postulate that the inherent reason
for all of the vulnerabilities in Micro$oft
All,
What is everyone doing, if anything, to prevent the apparent upcoming
DDoS attack against Microsoft? From what I've been reading, and what
I've been told, August 16th is the apparent start date...
We're looking for some solution to prevent wasting our network
resources
On Thu, 14 Aug 2003, Eric A. Hall wrote:
Wouldn't it make more sense to ship with all of the services disabled?
I mean, if the role of the firewall is to block packets to weak services,
wouldn't it be simpler to just disable the damn services since they aren't
going to be usable anyway?
Richard Cox wrote:
On Thu, 14 Aug 2003 16:07 UTC, Eric A. Hall [EMAIL PROTECTED] wrote:
| Wouldn't it make more sense to ship with all of the services disabled?
Yes it would - at least to US - but that would inevitably create a load
for the Support desk. However as Microsoft charge for
The checkpoint and Pix Boxen are what we use here. But we also use
ipchains to secure things at a host level.
Scott C. McGrath
On Thu, 14 Aug 2003, Drew Weaver wrote:
ipchains and similar firewalls are indeed far superior. I manage real
firewalls as part of
On donderdag, aug 14, 2003, at 17:45 Europe/Amsterdam, Christopher L.
Morrow wrote:
No answer on that one, However Mac OS X also includes a built in
firewall.
yes, with fairly a simple method to add listening services to it...
though
it seems the 'listening service' might have to register
On Wed, 13 Aug 2003, Crist Clark wrote:
Attacks _are_ on Linux machines. There have been Linux worms, Lion attacked
BIND, Ramen attacked rpc.statd and wu-ftpd, Slapper attached Apache, to
name a few. Attacks are on Solaris, the sadmin/IIS worm (which also attacked
IIS, a cross-platform worm,
John Neiberger wrote:
Hmm...I didn't even know XP had a built-in firewall. Any bets on how
long it is before other companies with software firewall products bring
suit against Microsoft for bundling a firewall in the OS?
--
No clue, but I can tell you how long it will last before
On Wed, 13 Aug 2003, John Obi wrote:
I can't open www.microsoft.com ,
windowsupdate.microsoft.com and www.msn.com very slow.
Check your processlist. My money is on msblast.exe already running on your
machine.
Gerald
On Wed, Aug 13, 2003 at 04:09:05PM -0700, [EMAIL PROTECTED] said:
These kinds of inflated damages estimates are dubious at best.
If you've lost that much productivity, odds are you should be pointing
fingers at inappropriate redundancy and planning/procedures in your
computing facilities and
http://www.dslreports.com/forum/remark,7652257~root=security,1~mode=flat;start=0
- Original Message -
From: Josh Fleishman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 5:24 AM
Subject: RE: The impending DDoS storm
Has anyone determined a method for
http://www.theregister.co.uk/content/55/30072.html
The Klez virus last year cost businesses $9 billion worldwide in
lost
productivity,
When I read stuff like this I always wonder if these businesses count
the time spent patching their systems as 'lost' productivity.
John
--
On Thu, 14 Aug 2003, Christopher L. Morrow wrote:
On the configuration angle, the Microsoft ICF (Internet Connection
Firewall) blocks everything by default.
as does OSX.
Just to clarify, the OSX firewall has a little bit of sense. If you check
that you want to enable one of the services
Crist Clark wrote:
To pound it home one more time, worms that attack Microsoft products are a
bigger deal only because Microsoft has at least an order of magnitude greater
installbase than the nearest competitor.
True. I'd be curious to see the worm to software vendor ratios. Anyone
have them?
From: Scott McGrath [mailto:[EMAIL PROTECTED]
No answer on that one, However Mac OS X also includes a built in firewall.
On the configuration angle, the Microsoft ICF (Internet Connection
Firewall) blocks everything by default.
I just worked on a friend's computer last night.
The XP ICF
Hello,
I can't open www.microsoft.com ,
windowsupdate.microsoft.com and www.msn.com very slow.
It took long time to sign in the msn IM too.
Do you see any problems so far?
Thanks,
-J
On Wed, Aug 13, 2003 at 01:07:15PM -0400, [EMAIL PROTECTED] said:
How much longer will people put up with the millions of
dollars of losses in time, resources and service inflicted
on the net by the joke vulnerabilities in the toy operating
system known as Windows? Enough is Enough.
I wanted to get some other opinions on some new features that have
appeared in recent code from the popular vendors. It appears there
is a new draft, a copy of which can be found at
http://www.watersprings.org/links/mlr/id/draft-ietf-mpls-icmp-01.txt that
allows MPLS enabled boxes to return some
McBurnett, Jim wrote:
But doesn't that mean the hacker won?
If you change the DNS and a user can not get to
windowsupdate, you just helped him create a better
DoS than he had...
I have no affiliation with Microsoft, nor do I care about their services
or products. What I do care about is a worm
Fletcher,
My primary responsibility here is engineering exactly these kinds of
systems.
The biggest difference between CWDM systems and DWDM systems is system
reach. Most CWDM systems are designed for short haul applications like
yours (approx 20km and under). Most DWDM systems are designed
Maybe I'm wrong, but I thought that the extended MPLS info only showed
up when the trace was started on a PE or P router. Is that right?
If customers or others outside the MPLS domain can see that info I'd
definitely agree with you.
Mike
-Original Message-
From: Leo Bicknell
I have to agree with Ejay. Microsoft is not the only software vendor.
It seems silly to argue that one OS is better than the other. Linux
needs to be patched too, as do all the various flavors of Unix, solaris,
etc from time to time and with varying degrees of urgency. This is a
fact of life.
There is legitimate traffic on 135. All users I've talked to have been
We started blocking 135-139 and 445 a week ago... we got one complaint,
and added an exception for those two ip addresses (one remote/one local).
We're just a small regional ISP, but we've seen little real use
of these
Can someone recommend an electrical engineering firm in the middle to north part of
California that has experience with NOC design? TIA
Dan Lockwood
I am hoping to ask some questions of an enterprise network
engineer/manager
who knows a bit about circuit costs in APAC. Specifically, I have
a vendor telling me a WAN link from Beijing to SanFran is cheaper than
Beijing
to almost anywhere else in APAC: Singapore, Hong Kong, Sydney
and Tokyo.
On Wed, 6 Aug 2003, Paul Vixie wrote:
More and more there is less and less spoofing, its just not required and
it causes more damage with less effort :( Why spoof when you have 1000
machines pumping 1 packet per second? (or 10)
leaving the spoofing option open for future generations of
Some people have mistakenly assumed I was talking about the
exploit and berated me for being a week out of date..
To clarify -- I'm talking about a worm based around the
exploit.
On Thu, Aug 07, 2003 at 06:34:02AM -0400, Len Rose wrote:
It seems to be true.. I haven't seen any
code yet
Randy Bush wrote:
There are requirements one can make of vendors.
These have been made, several times :) In fact there is an IETF working
group pushing these requirements now, Mr. Bush could provide the details
that have slipped my addled brain.
it is not a wg. but there is a draft
On woensdag, aug 13, 2003, at 21:38 Europe/Amsterdam, Crist Clark wrote:
Cool. So if you use private ports, you'll be totally protected from the
Internet nasties (and the Internet protected from your broken or
malicious
traffic) in the same way RFC1918 addressing does the exact same thing
now
Gerald wrote:
We all hedged bets that Cisco was going to absorb the CSS and just make it
a software feature on the Catalyst switches. I haven't heard of that
actually happening yet though.
No, but there is some interesting new functionality in the latest revs
of IOS which look awfully
[EMAIL PROTECTED] (Petri Helenius) writes:
I´m constantly seeing responses to queries for AOL servers which come
in from different IP addresses than the query was sent to.
due to the weakness of the 16-bit query id field, bind will throw that
stuff away. the source address and port has to
Please look here
http://www.cybertelecom.org/statistics.htm
and here
http://www.cybertelecom.org/broadband.htm
-B
--- Minseok Kwon [EMAIL PROTECTED] wrote:
Can anyone tell me where I can get the recent
statistics of Internet
connection speeds? Specifically, I need statistics
for edge link
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of McBurnett, Jim
... I really can not image
legitimate traffic on 135..
My problem with this approach is that, in 1985, you could have said I
really cannot imagine legitimate traffic on port 80.
(On the other hand, you could
does anyone know if the scanning is sequential once
a range is chosen or is it random within a range?
e.g.,
1.1.1.1
1.1.1.2
1.1.1.3
etc
or
1.1.1.89
1.1.1.33
1.1.1.12
etc
-Original Message-
From: John Dvorak [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 5:57 PM
To: NANOG
anyone here having problems resolving americaonline.aol.com with spoof
protection enabled on their dns servers? It appears AOL via a series of
cnames is specifying a non-authoritative dns server as authoritative for
internet.aol.com which is where the first url is cnamed.
I need a dns expert to
If you go out and spend a few thousand you can also get Allied Telesyn
L2-L4 products that now support Load Balancing. Actually the rapier
24i is about $2000 Canadian. (I'd have to check the VAR pricing)
Jason
On 6 Aug 2003 at 22:59, Paul Vixie wrote:
Using outboard appliances for
Greetings,
What is the proper way to deal with a company that is unresponsive to any form
of contact. IE they have outdated information on their ip assignments, bounce
every piece of e-mail that I send? (including postmaster@ which is where the
But we digress and this horse is dead.
Can we move on?
More and more there is less and less spoofing, its just not required and
it causes more damage with less effort :( Why spoof when you have 1000
machines pumping 1 packet per second? (or 10)
leaving the spoofing option open for future generations of attacks,
rather than having a witch-hunt and
On Wed, Aug 06, 2003 at 01:50:33PM -0400, Jason Dixon wrote:
I second this suggestion. I worked briefly at F5 Networks in 2001 and
was responsible for supporting Big-IP and 3DNS. Both are very nice
products, but NOT cheap.
I've used them all fairly heavily, except the Foundry gear.
I'm showing signs of an RPC sweep across one of my networks that's
killing some XP machines (only XP confirmed). How wide spread is this at
this time. Also, does anyone know if this is just generating a DOS
symptom or if I should be looking for backdoors in these client systems?
-Jack
In a message written on Thu, Aug 14, 2003 at 01:21:28PM -0500, Mike Bernico wrote:
Maybe I'm wrong, but I thought that the extended MPLS info only showed
up when the trace was started on a PE or P router. Is that right?
I did the traceroute from a router with _NO_ mpls commands turned on,
and
Lars Higham wrote:
It's a good idea, granted, but isn't this covered by IPv6 administrative
scoping?
That's the network layer, not the transport layer. IPv6 scoping has the
potential to be very helpful for private addressing since it's fundamentally
built into the protocol, as opposed to
Can I have some suggestions on how to load balance servers that are on
separate IP blocks? Is there any way to perform translation at this
level? Exclude DNS based balancing please...
--
Jason Greenberg, CCIE #11021
Network Administrator
Execulink, Inc.
[EMAIL PROTECTED]
On Thu, Aug 07, 2003 at 10:32:04AM -0400, Leo Bicknell wrote:
Has anyone else gotten one of these? It appears they are trolling
a Nanog archive on the web and sending these out to posters. *sigh*
Return-Path: [EMAIL PROTECTED]
Received: from internetseer.com (mail9.internetseer.com
Sean Donelan [EMAIL PROTECTED] 8/14/03 8:29:07 AM
John Markoff reports in the New York Times that Microsoft plans to
change
how it ships Windows XP due to the worm. In the future Microsoft
will
ship both business and consumer versions of Windows XP with the
included
firewall enabled by
I´m constantly seeing responses to queries for AOL servers which come
in from different IP addresses than the query was sent to.
Pete
anyone here having problems resolving americaonline.aol.com with spoof
protection enabled on their dns servers? It appears AOL via a series of
cnames is
Austad, Jay wrote:
We all hedged bets that Cisco was going to absorb the CSS and
just make it
a software feature on the Catalyst switches. I haven't heard of that
actually happening yet though.
If they did that, how would they sell the CSS hardware? :)
I would think that the closest you
ipchains and similar firewalls are indeed far superior. I manage real
firewalls as part of my responsibilities.
However the new microsoft policy will help protect the network from Joe
and Jane average who buy a PC from the closest big box store and hook it
up to their cable modem so they can
45 seconds:
deny tcp any any eq 135 (5445 matches)
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139
deny tcp any any eq 445 (207 matches)
- Original Message -
From: Randy Bush [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 11,
On Wed, 13 Aug 2003, Jason Frisvold wrote:
If the blaster cannot get a proper DNS response, it continues to
replicate via port 135... It then goes into a retry cycle and continues
to try to get a good DNS lookup.
has anyone tried tarpitting eg labrea to slow the worm?
-Dan
--
[-] Omae no
Charles Sprickman wrote:
On Sat, 9 Aug 2003, Eric Germann wrote:
You also have the sporadic people who say for whatever reason, I said
something on NANOG I shouldn't have because now that I am unemployed from a
dot bomb, when I try to get a job, they search the web and these stupid
Today at 11:24 (-0400), Josh Fleishman wrote:
Date: Thu, 14 Aug 2003 11:24:53 -0400
From: Josh Fleishman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: The impending DDoS storm
Has anyone determined a method for triggering the DOS attack manually?
We've attempted this by changing an
On Tue, Aug 05, 2003 at 02:09:19PM -0400, Eric Brunner-Williams in Portland Maine
wrote:
... tried to silence the door audible alarm
Didn't it have battery backup? Inquiring minds want to know.
The door? Guess not. Reminds me of a skit from Kentucky Fried Movie, tho. :)
Seriously, yeah
--On Thursday, August 14, 2003 11:24:53 AM -0400 Josh Fleishman
[EMAIL PROTECTED] wrote:
Has anyone determined a method for triggering the DOS attack manually?
We've attempted this by changing an infected machine's clock, however it
did not work on our test box. If anyone has triggered the
On Tue, 12 Aug 2003, Sean Donelan wrote:
I think filters/firewalls are usefull. I believe every computer should
have one. I have several. I just disagree on who should control the
filters.
in your opinion who should control them? (just curious)
On Wed, 6 Aug 2003, Austad, Jay wrote:
If they did that, how would they sell the CSS hardware? :)
That was our concern. Cisco already had hardware to do as good or better
than what ArrowPoint was doing. They would suck in the intellectual
property, discontinue the CSS line, and roll out a
On Tue, 5 Aug 2003, Mike Tancsa wrote:
At 07:02 PM 05/08/2003 +, Christopher L. Morrow wrote:
so long as you are sure they aren't spoofed, yes.
A recent post by Rob Thomas said, I've tracked 1787 DDoS attacks since 01
JAN 2003. Of that number, only 32 used spoofed sources. I rarely
Subject: Re: When Security Guards Attack (was: clearblue part deux) Date: Tue, Aug 05,
2003 at 03:19:42PM -0400 Quoting Eric Gauthier ([EMAIL PROTECTED]):
People laugh hysterically when the evil bad guy in a movie has a button
labeled Emergency Power Off that shuts everything down... They
On Mon, 4 Aug 2003, Jared Mauch wrote:
For those of you that are doing IPv6 deployments, might I suggest
you also take the time to do the same? I know that Cisco has v6 u-rpf
support already.
but not netflow as far as i remember. -hank
- Jared
--
I've been looking at out traffic graphs and trying to decide if traffic
really is down 10-15% over the last 24 hours or it's just my imagination.
I would say 5-10% below where it should be taking into account seasonal
variations, it´s within the error margin, but barely.
Pete
On Mon, 11 Aug 2003, Vincent J. Bono wrote:
Anyone out there ever see or hear tell of a device that will let you run two
GBICs back to back without an associated switch and all the trimmings?
Application is to convert a CWDM GBIC signal to a Multimode one.
Vinny,
Would something like this
The good ole computers as cars metaphor. In the UK:
1) In order to drive a car, you have to have a license.
2) In order to have the car on the road, you have to have it taxed and
have a qualified mechanic certify it for basic road worthiness.
Neither of these rules currently apply to
I'm getting ICMP timeouts to 2 destinations that are on Savvis. Is
anyone else seeing it? I don't have packet loss to anything else. Below
is my ping to www.savvis.net and a customer that I have masked to protect
the innocent :).
MUSKET:8:36:56am/export/home/pete:ping -s www.savvis.net
Ahhh...
You don't put battery backup on a kill-all switch
The idea behind it is to kill-all!! (*doh*) If you ever need to press it,
you do so just before the guys-with-foam run in to douse your burning UPS...
Jerry
---Original Message---
From: Eric Brunner-Williams in
In the immortal words of Leo Bicknell ([EMAIL PROTECTED]):
Has anyone else gotten one of these?
Dozens, and have bitbucketed them on every single mail server I can
get my hands on.
It appears they are trolling a Nanog archive on the web and sending
these out to posters. *sigh*
They may
On Tue, 05 Aug 2003 09:56:52 BST, [EMAIL PROTECTED] said:
1) What *immediate* benefits do you get if you are among the first to
deploy?
(For instance, note that you can't stop accepting plain old SMTP till
everybody else deploys).
You can replace complex and buggy spam filtering software
I've got to wonder about someone who posts a rant to nanog to begin
with and I'll give you kudos for having the balls to format it in HTML
as well. Below I included the text of the message sans large aqua font
other HTML 'enhancements'.
I think you rather missed my point - machines with
Has anyone determined a method for triggering the DOS attack manually?
We've attempted this by changing an infected machine's clock, however it
did not work on our test box. If anyone has triggered the attack, do
you have a copy of the sniffed data stream?
It sounds like uRPF is going to be
Sometime recently Network Solutions seems to have stopped accepting
+ as a valid character in an e-mail address. Yes, I did open a
ticket via their customer service people, and was given the reply
that I needed to use another e-mail address. Per their web form,
the only acceptable addresses are
There are requirements one can make of vendors.
These have been made, several times :) In fact there is an IETF working
group pushing these requirements now, Mr. Bush could provide the details
that have slipped my addled brain.
it is not a wg. but there is a draft being actively worked, see
On Mon, 11 Aug 2003, Jack Bates wrote:
Sean Donelan wrote:
http://isc.sans.org/diary.html?date=2003-08-11
The worm uses the RPC DCOM vulnerability to propagate. Once it finds a
vulnerable system, it will spawn a shell and use it to download the actual
worm via tftp.
The name of the
Omnitron also makes these, but they're probably closer to the $1000 range.
http://www.omnitron-systems.com/converters/converters.htm
- Original Message -
From: Stephen J Wilcox [EMAIL PROTECTED]
To: Vincent J Bono [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003
Jack,
This is that RPC flaw in MicroSoft.
I noticed it too.. Got about 20K in 15 hours
Jim
-Original Message-
From: Jack Bates [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 4:12 PM
To: NANOG
Subject: RPC errors
I'm showing signs of an RPC sweep across one of my networks
Hello,
If there are any Touch America techs within reach of this email, could
you please contact me off list. Thank you.
Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
[EMAIL PROTECTED]
On Wed, 2003-08-13 at 10:14, Ingevaldson, Dan (ISS Atlanta) wrote:
It might be somewhat tricky to block TCP/80 going to windowsupdate.com.
I agree... but then, who needs updates anyways.. *grin*
Regards,
===
Daniel Ingevaldson
Engineering Manager, X-Force RD
[EMAIL PROTECTED] (Jason Robertson) writes:
If you go out and spend a few thousand you can also get Allied Telesyn
L2-L4 products that now support Load Balancing. Actually the rapier
24i is about $2000 Canadian. (I'd have to check the VAR pricing)
how much would i have to pay to not have
On Wed, 13 Aug 2003, Mans Nilsson wrote:
Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13,
2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox ([EMAIL PROTECTED]):
Sorry I see where you're coming from on this but firewalls are more than just
patches to
[EMAIL PROTECTED] wrote:
If the client is behind a NAT, and the spoofed source address doesn't get
through, then that's OK because it means that no application in that same
location behind the NAT can use spoofed addresses.
Which is important given the number of NAT setups that only perform NAT
John Neiberger wrote:
Hmm...I didn't even know XP had a built-in firewall. Any bets on how
long it is before other companies with software firewall products bring
suit against Microsoft for bundling a firewall in the OS?
--
No clue, but I can tell you how long it will last before ISP helpdesks
According to http://isc.sans.org/diary.html?date=2003-08-11 ,
the worm uses the latest popular MS exploit ports, so
* Close port 135/tcp (and if possible 135-139, 445 and 593) .
It also uses TCP port and TFTP = UDP 69 to download its
attack code after getting the initial bootstrap
Thanks but this won't work.
We have a Specific frequency (CWDM) on one side.
-vb
- Original Message -
From: Curtis Clan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, August 11, 2003 1:12 PM
Subject: Re: Gigabit Media Converter
I believe this is what you are
On Wed, 13 Aug 2003, Petri Helenius wrote:
Mans Nilsson wrote:
Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12,
2003 at 10:42:38PM -0400 Quoting Sean Donelan ([EMAIL PROTECTED]):
I think filters/firewalls are useful. I believe every computer
--On Wednesday, August 13, 2003 11:00:56 +0300 Petri Helenius
[EMAIL PROTECTED] wrote:
I think filters/firewalls are useful. I believe every computer should
have one.
Firewalls are a patch to broken network application architecture. If
your applications would have been properly designed,
Users, both corporate and at home, need to be taught that there is no such
thing as plug and play.
For as much as I agree with the philosophy here, we must realize it is the
wrong approach.
Cars did not become more popular because owners had to learn how to swap
more parts. Wireless phones
If you're looking at the Packeteer to put some limits in place based on
protocol, you can take a look at Cisco's NBAR, which is supported in IOS.
What kind of metrics are you looking for? Netflow type info? How fat is
the pipe you want to monitor/manipulate?
-jay
-Original
* [EMAIL PROTECTED] (Stephen J. Wilcox) [Wed 13 Aug 2003, 10:58 CEST]:
In your world DoS traffic would be free to roam the networks as it
pleased without being throttled sensibly at ingress?
How many people are actually following RFC3514? (In other words, how do
you separate DoS traffic from