That wasn't my point at all; I realize that the impact is rather wide spread and serious. My point was that as soon as someone changes a semicolon in the, poorly-written code, it becomes a new variant and gets 5 more minutes on CNN. As for the ICMP storms, you and I both know that those can be mitigated by well placed ACLs within an org or ISP. My horrible attempt at making a point was meant to surmount to this: If you would just patch your systems, this would not be happening to you right now. All of these worms are exploiting KNOWN OS vulnerabilities, be it WebDAV or the RPC Flaw. Am I alone in not having much sympathy for persons affected by these exploits? I mean come on; you had almost an entire month to patch your systems. What that amounts to is reprehensible systems administration and management.
Thanks, JP -----Original Message----- From: Ingevaldson, Dan (ISS Atlanta) [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 2:50 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ISSForum] ISS Security Brief: UPDATED MSRPC DCOM Worm Variants Propagating Jon- You are correct that the worm is poorly written. I don't agree that the information surrounding the issue is "hype". Many networks have been impacted by ICMP storms related to the 300 threads per infected hosts pinging and scanning like crazy. Nachi also has an entirely new exploit vector in the WebDAV exploit. One such report: http://story.news.yahoo.com/news?tmpl=story&cid=581&ncid=581&e=1&u=/nm/2 0030819/tc_nm/airlines_aircanada_virus_dc Regards, =============================== Daniel Ingevaldson Engineering Manager, X-Force R&D [EMAIL PROTECTED] 404-236-3160 Internet Security Systems, Inc. The Power to Protect http://www.iss.net =============================== _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
