On Wed, 2003-08-13 at 14:20, Aurel Trusca wrote:
> Agreed. But what do I apply the patch to? SuSE? :)
> I don't know which one is the infected one. Just cut them off from the net
> one at a time until I catch it. Do I have any chance with iptables?

Yes. Find out what the IPs or IP classes for windowsupdate.com are
and filter everything that has windowsupdate.com as its destination
until you patch your Windows machines...


Quote from the CERT advisory:


"Filter network traffic

Sites are encouraged to block network access to the following relevant
ports at network borders. This can minimize the potential of
denial-of-service attacks originating from outside the perimeter. The
specific services that should be blocked include
     * 69/UDP
     * 135/TCP
     * 135/UDP
     * 139/TCP
     * 139/UDP
     * 445/TCP
     * 445/UDP
     * 4444/TCP

Sites should consider blocking both inbound and outbound traffic
to these ports, depending on network requirements, at the host and
network level. Microsoft's Internet Connection Firewall can be used to
accomplish these goals."


> Aurel
> > yup. W32/Blaster worm, which tries to do a tcp syn flood on
> > windowsupdate.com
> >
> > %  host 207.46.134.30.80
> > 30.134.46.207.in-addr.arpa domain name pointer windowsupdate.com.
> >
> > note that there is a patch on Microsoft's site for this
> > vulnerability.
> 
> 
> --- 
> Details about our mailing lists: http://www.lug.ro/
-- 
Patrascu Eugeniu <[EMAIL PROTECTED]>
NoBug Consulting Romania
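
An added example, not part of the original thread or of the CERT advisory: a sketch for a Linux gateway that prints iptables LOG and DROP rules for the ports in the advisory quoted above, then ranks LAN source addresses from the resulting kernel log to show which machine to inspect first. The `BLASTER-PORT: ` log prefix, the FORWARD-chain placement and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Ports exactly as listed in the quoted CERT advisory.
CERT_PORTS="69/udp 135/tcp 135/udp 139/tcp 139/udp 445/tcp 445/udp 4444/tcp"

# Print (do not execute) LOG + DROP rules for a gateway's FORWARD chain,
# which covers both inbound and outbound routed traffic.
# Review the output, then pipe it to sh as root to apply it.
gen_rules() {
    for entry in $CERT_PORTS; do
        port=${entry%/*}
        proto=${entry#*/}
        echo "iptables -A FORWARD -p $proto --dport $port -j LOG --log-prefix \"BLASTER-PORT: \""
        echo "iptables -A FORWARD -p $proto --dport $port -j DROP"
    done
}

# Read kernel log lines on stdin and print "address count" per source,
# busiest first. Lines without the assumed prefix are ignored.
rank_sources() {
    grep 'BLASTER-PORT: ' |
        sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Constructed sample log lines (not captured from a real network).
sample_log() {
    cat <<'EOF'
Aug 13 14:31:02 gw kernel: BLASTER-PORT: IN=eth1 OUT=eth0 SRC=192.168.0.23 DST=10.9.8.7 PROTO=TCP SPT=1045 DPT=135
Aug 13 14:31:02 gw kernel: BLASTER-PORT: IN=eth1 OUT=eth0 SRC=192.168.0.23 DST=10.9.8.8 PROTO=TCP SPT=1046 DPT=135
Aug 13 14:31:03 gw kernel: BLASTER-PORT: IN=eth1 OUT=eth0 SRC=192.168.0.40 DST=10.1.2.3 PROTO=UDP SPT=137 DPT=139
Aug 13 14:31:03 gw kernel: BLASTER-PORT: IN=eth1 OUT=eth0 SRC=192.168.0.23 DST=10.9.8.9 PROTO=TCP SPT=1047 DPT=135
Aug 13 14:31:04 gw sshd[812]: session opened for user root
EOF
}

# Stand-alone demo: show the rules, then the ranking for the sample log.
gen_rules
sample_log | rank_sources
```

On a live gateway, feed `rank_sources` from the kernel log instead of `sample_log`; a workstation that keeps hitting 135/TCP on many different destinations is the one to take off the network and patch.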


