[Dshield] Different Nachi/msblast probe pattern?

Doug White doug at clickdoug.com
Thu Sep 11 18:29:12 GMT 2003


I spoke too soon, after an 8 hours absence, the port 135 and the pings have
returned with a vengeance.

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "ALEPH0" <aleph0 at pacbell.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, September 11, 2003 10:57 AM
Subject: RE: [Dshield] Different Nachi/msblast probe pattern?


| msblast was programmed to cripple yesterday (give or take timezones and
| misconfigured desktop clocks), the 10th.  There is always someone out there
| who will modify it on the 11th to put more spin on the wheel, usually
| amateurish and basic modifications of the original.
|
| Also, though perhaps this is not the place to post it, I'd like to voice my
| support for Johannes' recommendation that ISPs block 135, 137, 139 and 445.
| I read Mark Bernard's disagreement on ISN with the proposal.  Fact is, these
| services are (or should be) LAN protocols.  Any possible need to share
| information this way can be done in oher ways securely.  Geez, we
| practically made anonymous ftp extinct ages ago.  Sure, it's nice to be able
| to enum a guy who is a temporary problem.  But it is primarily irresponsible
| for this LAN system traffic to be global by default.  One might argue that
| there is no difference between MS share security and that of an ftp store,
| for which a vulnerability could exist.  But the real difference is that MS
| designed their file shares really to be useful limited to a local network
| with their domain security.
|
|
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
|




More information about the list mailing list