[Dshield] d-shield, who are they?
Johannes B. Ullrich
jullrich at sans.org
Sat Aug 16 03:12:33 GMT 2003
This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
> The news media didn't even mention it. I listened to the major news casters
> and they have little or no knowledge on Internet security. Then it dawned on me
> that the few people they rely on do not give a significant understanding to
> the public about security issues. Dah! Dahhhh! I thought about dshield and all
> the resourceful members it has. Mmmm, wouldn't it be nice if dshield could be
> consulted on various security topics by the media.
hehe... I spent a good amount of time on the phone to talk to various
news media over the last few days to do just that ;-).
On your other observation: I highly doubt that the disk and blaster
where at all connected. However, the fact that all machines in the
school got hit at the same time matches the blaster pattern.
Likely, the school uses a given /16 network (e.g.
10.0.0.0-10.0.255.255). Blaster will scan networks sequentially, and
most likely start with its own network. So one infected machine in the
school will be sufficient to infect the entire network.
It is hard to educate users about worms/viruses and such. To some
of the non-techies I talked to, the conecept that your computer could be
infected "without you having to click on any e-mail attachment" was
For your high school, I would recommend some better security policies
and practices. Firewalls not only to the internet, but also to segment
some of the internal networks. Maybe some proactive scanning if
something like the RPC DCOM is announced.
SANS - Internet Storm Center
PGP Key: http://isc.sans.org/jullrich.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
XId8um83GkSfJf46k5322YE-----END PGP SIGNATURE-----
More information about the list