[Dshield] DCOM morning after

Craig Shaw CraigS at caamb.mb.ca
Tue Aug 12 16:12:18 GMT 2003


Anyone else seeing UDP Broadcast traffic (to 255.255.255.255) from infected
hosts?

Craig Shaw
Systems Administrator
CAA Manitoba
(204) 262-6035
craigs at caamanitoba.com


-----Original Message-----
From: Brenden Walker [mailto:BKWalker at DRBSystems.com] 
Sent: 12-Aug-03 10:44
To: 'General DShield Discussion List'
Subject: RE: [Dshield] DCOM morning after

> Am I the only one -stunned- by the number of companies and 
> professional 
> organisations being infected by thisworm?

Nope, I find it odd as well.. 

> Given its infection path is via port 135, and nobody should be 
> permitting this in to or out of their network (filtered at 
> the firewall) 
> this should only be impacting home users (who are less likely 
> to have a 
> firewall).

My home network (which is really the only net connection I administer)
firewall (Gentoo Linux)  filters everything I don't have an immediate need
for, what I don't get is that if I can manage to control my home network...
Why can't they?  Perhaps you should have to go through a 'driving test'
before being allowed a T1 or bigger pipe.

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list