[Dshield] DCOM morning after

Shawn Cox shawn.cox at pcca.com
Tue Aug 12 16:35:19 GMT 2003


Ok. I was going to let your first comment go, but you are clearly viewing
the world through rose colored glasses.

Sure in a perfect world, we'd all have all our machines patched and every
single device protected from every threat know and unknown.  For that matter
all software would be perfect without need for patching.  But this simply
isn't the case.  There is NO WAY to be fully protected at all times.  NONE,
ZERO, NADA.

I help manage a relatively small network, 300 corporate workstations and
about 200 outside machines for which we have no control over their patch
level.  They all VPN to us effectively becoming part of our network.  We
can't simply turn these people away because their machines aren't patched.
They provide our revenue, without them we are done as a company.

So we are forced to take these hits as they come, be as proactive as
possible, keep management and our clients happy and move on with life.  Or
move to the forrest and live like a bear(which sometimes sounds appealing).


--Shawn



----- Original Message ----- 
From: "Ben Robson" <ben at robson.ph>
To: "*Hobbit*" <hobbit at avian.org>
Cc: "General DShield Discussion List" <list at dshield.org>
Sent: Tuesday, August 12, 2003 11:01 AM
Subject: Re: [Dshield] DCOM morning after


> The thing that does it for me is that I can -almost- accept the home
> user community falling prey to this, but I am absolutely pole-axed at
> the concept that companies, money making organisations who's number one
> asset is information, are connecting unpatched systems to the Internet
> with out even turning on Microsoft's own IPSec tools, or installing some
> cheap -free-, do nothing/know nothing packet filter.
>
> I have been having conversations on this worm in nunmerous forums and
> without fail at least half the posts are stating that the author's
> organisation fell victim and is in the process of cleaning up.  I even
> read one posting from someone stating that their employer, "a major
> international bank" was infected.  I mean you got to be shitting me
> right!!!!!!! (pardon the language please).
>
> BenR.
>
> *Hobbit* wrote:
>
> >No, you're not the only one who's utterly floored by the idea that ANY
> >of this stuff would be accessible from outside any business, large or
> >small.  Even the little SOHO nat-boxes I'd expect to prevent this sort
> >of thing by default apparently aren't doing the job.
> >
> >Same with 139, 445, 1443 or whatever it was, etc.  It's just astounding
> >how lame the so-called "internet community" has become.  Until they
> >turn Redmond into a glass parking lot and start over, nobody is safe.
> >
> >_H*
> >
> >
> >
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list