hello all, while we're waiting for the next big worm, the one that will eat all those windows boxes (DCOM-RPC buffer overrun: http://www.securityfocus.com/bid/8205/discussion/), and may it have a wonderful time doing it too, i have a question.
one obvious way to slow this thing down would be to block all access from the internet to TCP/UDP 135. and, while we're at it, on our RAS, gateways and bandwidth manager, do the same. is there any good reason not to do this? maybe just do it and then wait for any users stupid enough to use it on the open net to whine about it? i haven't been sniffing my network lately, but the impression i get from previous network reconnaisance is that too many people (ISP subscribers) have their Samba shares and such open and are going to get eaten by that worm when it starts doing the rounds. tiger -- Gerald Timothy Quimpo gquimpo*hotmail.com tiger*sni*ph http://bopolissimus.sni.ph an xcdngl nntrstng jrnl Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78" Your manuscript is both good and original, but the part that is good is not original, and the part that is original is not good. -- Samuel Johnson -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
