[Dshield] DCOM morning after

Ben Robson ben at robson.ph
Tue Aug 12 16:01:39 GMT 2003


The thing that does it for me is that I can -almost- accept the home 
user community falling prey to this, but I am absolutely pole-axed at 
the concept that companies, money making organisations who's number one 
asset is information, are connecting unpatched systems to the Internet 
with out even turning on Microsoft's own IPSec tools, or installing some 
cheap -free-, do nothing/know nothing packet filter.

I have been having conversations on this worm in nunmerous forums and 
without fail at least half the posts are stating that the author's 
organisation fell victim and is in the process of cleaning up.  I even 
read one posting from someone stating that their employer, "a major 
international bank" was infected.  I mean you got to be shitting me 
right!!!!!!! (pardon the language please).

BenR.

*Hobbit* wrote:

>No, you're not the only one who's utterly floored by the idea that ANY
>of this stuff would be accessible from outside any business, large or
>small.  Even the little SOHO nat-boxes I'd expect to prevent this sort
>of thing by default apparently aren't doing the job.
>
>Same with 139, 445, 1443 or whatever it was, etc.  It's just astounding
>how lame the so-called "internet community" has become.  Until they
>turn Redmond into a glass parking lot and start over, nobody is safe.
>
>_H*
>
>  
>




More information about the list mailing list