Not to be left out ...
dmurdoch at odu.edu
Tue Aug 12 19:20:43 GMT 2003
We have two people actively monitoring the DMZ network - one is watching a
TCPDUMP trace for any system connecting to port 135, and the other one is
monitoring a snort sensor specifically configured with the two RPC DCOM
Today - spent a bunch of time in a lab, looking ....
Shut down 2 IPs attempting to infect the world ....
Blocking known ports at the outermost point ..... (135-139, 445, etc).
Considering a tactical investment in Jolt Cola stock for the next 2
weeks.... but my broker won't call me back!
I did discover a misguided RPC service on a Linux system as a side effect.
Don Murdoch, CISSP, GCIA, MCSE, MCSD
Information Systems Security Officer
Tel: 757-683-4580 Office of Computing and Communications Services
Fax: 757-683-5155 Old Dominion University - Norfolk, Virginia. USA
This signature block is not a digital signature under UETA. If you
received this message in error, inform the sender and delete it.
More information about the unisog