[Dshield] DHS/CIA Advisory: [Fwd: Potential For Significant Impact On Internet Operations]

Johannes Ullrich jullrich at euclidian.com
Thu Jul 31 21:41:59 GMT 2003


> 	Thank you very much for the info, I just don't
>  understand why some people are not taking this seriously?

The sad part is that its essentially already too late to
take it seriously. I just did a quick pull from our database,
and it looks that about 20+ % of our sensors got already 
scanned for this (not all of them submit protocol info or
enough detail to ascertain that this is a DCOM scan. So
this number is likely higher.)

In my opinion: Worm or no worm. In two weeks you will either
be patched or hacked. (or firewalled).

While firewalls can buy you time to patch this, they are not
an excuse not to patch. The ONLY protection you have is to
patch. If you can, get yourself a recent copy of dcom.c
and try it yourself. This exploit is very easy to use.
(usual disclaimers: only use it with permission.)


-- 
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS




More information about the list mailing list