I scan our network constantly and have not experienced such an attack despite having had more than one storm infected computer on the network (despite the 8,000+ systems only about 5 infections so far).
I don't have any facts to base this on, but I expect that the attacks require communication between the clients and we have mitigating factors here:

1. no inbound http to non-approved servers. Storm has a web server component so this *might* impact that
2. P2P is off by default. Storm relies on a P2P protocol (I forget which one) to communicate so this can be expected to impact it.

Most of our storm worm detection has been from a snort rule (three cases), one from an external alert (before we had the snort rule in place), and one from troubleshooting lost network connectivity. I recommend snort for detecting storm.

Tim Doty

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nelson, C.M.
Sent: Friday, September 07, 2007 6:57 AM
To: [email protected]
Subject: Storm Worm

Hi,

I've been reading that security scanning a "Storm Worm" infected PC may lead to triggering a DDoS attack on the scanner host's network. Does anyone have more information about using Nessus in relation to Storm Worm i.e. is it known to trigger such an attack and can Nessus detect a Storm Worm infection?

--
Carl Nelson
Distributed Systems Services, Computer Centre, University of Leicester, Leicester, LE1 7RH, U.K.
Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
