[unisog] DShield and Symantec report MSBlast in wild

Jordan Wiens jwiens at nersp.nerdc.ufl.edu
Tue Aug 12 16:16:26 GMT 2003


We're filtering port 4444 at all core network devices.  That (sorta)
prevents the spread, and we have an exception for our security scanning
machine so we can locate hosts that are 'half-way' compromised and notify
the owner via popups.

-- 
Jordan Wiens, CISSP
UF Network Incident Response Team
(352)392-2061

On Tue, 12 Aug 2003, Jeff Bollinger wrote:

> Speaking of which, anyone have any good plans to prevent another uprising
> for when the students do come back?
>
> Thanks,
> Jeff
>
> Jeff Bollinger, CISSP
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
>
> On Tue, 12 Aug 2003, Gary Flynn wrote:
>
> >
> >
> > Edward W. Ray wrote:
> >
> > > While this is illegal, and no site should be DDoSed off the web, I find the
> > > fact that the worm slams the M$ site rather amusing :)
> >
> > That is because you don't have 10,000 student computers getting
> > ready to come back to campus in a week that will need the Windows
> > Update site operational. :)
> >
> > I'm cringing.
> >
> >
>



More information about the unisog mailing list