[Dshield] [RE: [unisog] New (No kidding) RPC Vulnerability]

John Sage jsage at finchhaven.com
Sat Sep 13 18:54:40 GMT 2003

Given the discussion here about regulations and licenses and all,
here's an interesting post to the UNISOG list, describing one approach
used in a controlled environment:

----- Forwarded message from "Martin, James E." <martin at foo.net> -----

Date: Wed, 10 Sep 2003 17:02:13 -0500
From: "Martin, James E." <martin at foo.net>
To: "Matt Crawford" <crawdad at boo.gov>, "Dax" <dax at resnet.bar.edu>
Cc: <unisog at sans.org>
Subject: RE: [unisog] New (No kidding) RPC Vulnerability

A downstream campus shut off the dorm ports on the first day back at
school last month, then gave students a choice:

A. They could have a port once they'd been certified as patched to
current stable and virus-free by IT staff, or 

B. Users with a non-Microsoft operating system were given a number to
call for immediate port access. 

Words cannot express my personal and professional gratitude. :)


-----Original Message-----
From: Matt Crawford [mailto:crawdad at boo.gov]
Sent: Wednesday, September 10, 2003 4:26 PM
To: Dax
Cc: unisog at sans.org
Subject: Re: [unisog] New (No kidding) RPC Vulnerability

> http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
> http://www.microsoft.com/security/security_bulletins/MS03-039.asp
> 	Sooo...good job patching for Blaster everyone...Next!

I was just saying we should set up a table in the Atrium and give every 
Windows user a choice of CDROMs:

Pick from box A and get all the current Windows patches.

Pick from box B and get a localized Red Hat Linux installation.

If you pick from A, come again next week.

----- End forwarded message -----

- John
"Warning: time of day goes back, taking countermeasures."

John Sage
InfoSec Groupie

ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-

ATTENTION: this message is privileged communication. If you read it
even though you aren't supposed to, you're a poopy-head.
