[Dshield] Different Nachi/msblast probe pattern?
ksmith at chartwelltechnology.com
Thu Sep 11 16:41:20 GMT 2003
Either I'm confused or you are...
I'm sure it's Sobig that expired on the 10th of September. I don't think
MSBlast has an expiration date.
I'm sure someone will correct me if I'm wrong.
On Thu, 2003-09-11 at 09:57, ALEPH0 wrote:
> msblast was programmed to cripple yesterday (give or take timezones and
> misconfigured desktop clocks), the 10th. There is always someone out there
> who will modify it on the 11th to put more spin on the wheel, usually
> amateurish and basic modifications of the original.
> Also, though perhaps this is not the place to post it, I'd like to voice my
> support for Johannes' recommendation that ISPs block 135, 137, 139 and 445.
> I read Mark Bernard's disagreement on ISN with the proposal. Fact is, these
> services are (or should be) LAN protocols. Any possible need to share
> information this way can be done in oher ways securely. Geez, we
> practically made anonymous ftp extinct ages ago. Sure, it's nice to be able
> to enum a guy who is a temporary problem. But it is primarily irresponsible
> for this LAN system traffic to be global by default. One might argue that
> there is no difference between MS share security and that of an ftp store,
> for which a vulnerability could exist. But the real difference is that MS
> designed their file shares really to be useful limited to a local network
> with their domain security.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list