[Dshield] DCOM morning after

Darren Gasser kaos at earthlink.net
Tue Aug 12 17:16:37 GMT 2003

Shawn Cox wrote:
> There is NO WAY to be fully protected at all times. NONE, ZERO, NADA.

No, but we can at least prevent the obvious and stupid attacks like
MSBlaster with a bit of care and diligence.

> I help manage a relatively small network, 300 corporate workstations and
> about 200 outside machines for which we have no control over their patch
> level.  They all VPN to us effectively becoming part of our network.  We
> can't simply turn these people away because their machines aren't patched.
> They provide our revenue, without them we are done as a company.

Many of us are in the same boat (OK, maybe not with 40% of our network being
over VPN, but still...).  However, a properly configured VPN generally
wouldn't let ports 135 and 4444 through to the internal network, and
certainly wouldn't allow them over the public Internet.  Patches really
don't have anything to do with it in this case, as others have pointed
out -- a reasonable firewall configuration would have stopped this attack at
the border.


