[Dshield] Password protected Bagle.F

Ernest Eustace e.eustace at bringit.ca
Sat Mar 6 02:27:26 GMT 2004


Hello All,

We got a good laugh out of many of the comments here at work, unfortunately
its not as funny when we think about this being the same kind of stuff we
have to put up with here.

Even though we block most downloads at our network edge, we did allow ZIPs
for the CAD folks to get their huge drawings, but now with so many Bagle
variants on the loose we've blocked ZIPs too, and as expected are getting
resistance from the users, but more particularly from their managers.

I was wondering what, if anything some of you have done to allow access to
ZIPs but still keep the network secure. I am certainly not going to be
allowing ZIPs in any time soon, our gateway A/V firewall (FortiGate) is
registering over a 1000 infected ZIPs quarantined daily.

For the time being we are setting up individual FTP accounts for the users
that need them and asking their contacts to upload the ZIPs there, but some
of these are mass mailed to many individuals (not all at our company) and
the managers feel its too much trouble to ask the sender to FTP just for us
(though they seem not to understand that it would be much more trouble if
some worm infected us and there was NO network).

Thanks in advance for any input.

Ernest Eustace FCSE GCIA CCNP MCSE
Networking & Security
BringIT
www.bringit.ca

-----Original Message-----
From: list-bounces at dshield.org
To: General DShield Discussion List
Sent: 3/5/04 11:26 AM
Subject: Re: [Dshield] Password protected Bagle.F

On Thu, 2004-03-04 at 12:43, Tony Earnshaw wrote:
> tor, 04.03.2004 kl. 19.17 skrev Jon R. Kibler:
> 
> > > > I couldn't agree more. The problem is that our views are in the
minority.
> > > 
> > > Maybe we need a logo: a sysadmin with his finger in a dike?
> > 
> > LOVE IT!
> 
> But I've seen the results of a dike caving in (summer 2003, near me,
> here in Wilnis in Holland). Believe me, you wouldn't have wanted to be
> that sysadmin.

Logo modification: A sysadmin with his finger in a dike, with a bunch of
users with shovels blissfully digging away around him.

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 If you smash a computer to bits with a mallet, that appears to count
 as encryption in the state of Nevada.
                                               - CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list