At 01:35 PM 9/22/01, David Yates Buckley wrote:
>One thing that is interesting to note: say you are using a firewall to access
>your raq, and it is masquerading, and one of your pc's in your office got
>infected, or even say there is some idiot in the office with a twisted sense
>of humour that has bookmarked your own raq with winnt/system32 then you
>suddely are locked out of your raq! And I believe you could be locked out
>for quite a while! So when if in doubt, don't muck around with your raq,
>that explains all these pkgs and patches etc...
I had the same thought when I first read about this script. I advise
against automatically blocking source IPs, as infected machines behind a
proxy server or NAT router would cause ALL machines behind that gateway to
be blocked. Think AOL.
--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.
43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:[EMAIL PROTECTED]
Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:[EMAIL PROTECTED] (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
