On Sat, 2003-07-26 at 22:29, Ron DuFresne wrote:
>
> I'm just trying to understand how corporate networks would/should be at
> risk with this, why port 135 would not be filtered already limiting
> exposure. Is there a reason why it would not be that I'm missing?

Are you really serious? Recall Slammer? There were networks that were locked down pretty tight. Slammer couldn't get in, right? Then one developer who got his unpatched copy of SQL inside the network, by logging in through VPN with his infected laptop, took the entire network down.

You can't get in to our network on those ports either - unless you're already in. But I can guarantee you that we'll be chasing infected boxes down for days after the worm hits. And we've already patched everything that we could patch. I scan for Slammer every week, because every week someone new decides to install SQL unpatched or some stupid app that has an unpatched copy of MSDE. Now I'll be chasing the RPC worm around too. You can't firewall 135 inside your network or you'd have no network.

The only reason I read lists like this is because I need to know before it hits what the next stupid exploit is that I have to deal with. And every one is a royal PITA.

I put virus and worm writers right there in the same pile with spammers. They're all the scum of the earth. Clear examples of the worst of human nature.

--
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
