[Dshield] Different Nachi/msblast probe pattern?

Kenton Smith ksmith at chartwelltechnology.com
Thu Sep 11 16:41:20 GMT 2003

Either I'm confused or you are...
I'm sure it's Sobig that expired on the 10th of September. I don't think
MSBlast has an expiration date.

I'm sure someone will correct me if I'm wrong.


On Thu, 2003-09-11 at 09:57, ALEPH0 wrote:

> msblast was programmed to cripple yesterday (give or take timezones and
> misconfigured desktop clocks), the 10th.  There is always someone out there
> who will modify it on the 11th to put more spin on the wheel, usually
> amateurish and basic modifications of the original.
> Also, though perhaps this is not the place to post it, I'd like to voice my
> support for Johannes' recommendation that ISPs block 135, 137, 139 and 445.
> I read Mark Bernard's disagreement on ISN with the proposal.  Fact is, these
> services are (or should be) LAN protocols.  Any possible need to share
> information this way can be done in oher ways securely.  Geez, we
> practically made anonymous ftp extinct ages ago.  Sure, it's nice to be able
> to enum a guy who is a temporary problem.  But it is primarily irresponsible
> for this LAN system traffic to be global by default.  One might argue that
> there is no difference between MS share security and that of an ftp store,
> for which a vulnerability could exist.  But the real difference is that MS
> designed their file shares really to be useful limited to a local network
> with their domain security.
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list