Sorry for being a little late in this discussion - was out there being a good admin.\
But viz-a-viz cost calculation caused by worm or mass-mail - i remember when in '97 at a bank I worked at then, people found the Reply All feature in Exchange client. It took down the network for some 5 hours, and one of the things that failed was a daily interest payment - some 80 Mo. $ loss - by a network issue. That's something else, some companies actually use the computers for business... ----- Original Message ----- From: "Bojan Zdrnja" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 12:01 PM Subject: RE: [Full-Disclosure] Avoiding being a good admin - was DCOM RPC exploit (dcom.c) > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Ron DuFresne > > Sent: Wednesday, 30 July 2003 8:51 a.m. > > To: [EMAIL PROTECTED] > > Cc: Jason; [EMAIL PROTECTED] > > Subject: Re: [Full-Disclosure] Avoiding being a good admin - > > was DCOM RPC exploit (dcom.c) > > > Still the best defensive porture is taken at the entrance and exit points > > as pertains to most all these 'services'. If the ports 135 and 1433 etc > > are blocked, both tcp and udp protocols, then patching becomes far less > > dramatic, even if a few machines inside get infected due to laptops or > > what have you. when the flow on the wire for a segment > > Perimeter blocking is not everything. > It's an important part of your security policy, but I think you're > overstating that. > > Is it too difficult to write a worm which will spread through RPC DCOM (this > is just to stay OT) *AND* mass e-mailing. See that? Mass e-mails ... You can > have the best port blocking in the world and still be infected in a second. > > The solution for this is long term improvement of security, strong security > policies *AND* education. > > Regards, > > Bojan Zdrnja > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
