sasser virus (was Re: [unisog] student fees for cleaning.)

Jason S. Cash cash at UDel.Edu
Fri May 7 21:20:50 GMT 2004


On Fri, 7 May 2004, Peter Van Epp wrote:
<snip>
> 	While I'm not from the U of Utah, sasser here was a non event. There
> were 5 or 7 machines hit last week sometime in one day and then 1 and 2s as
> people bring in laptops or dial in from home among our 8,000+ machines.
> 	Ports 135, 137, 139, 445 are blocked in and out at the border (and
> attempting to scan out is logged and whacked) is presumably the reason why
> we didn't see a large number of infections. 500 or so machines (and several
> months of recovery) from blaster may have also helped convince those
> responsible for the machines that 1) an infection will get caught and network
> access will be removed, and 2) the pain of 1) isn't worth it :-). Thanks to
> you kind beta testers on unisog they also got several warnings that sasser
> was coming.
> 	Argus outside my border isn't even seeing an abnormal amount of
> scanning from external sources.

Peter,

 Do you have any stats on the number of computers on your campus that
were/are unpatched and vulnerable to LSASS exploits?

Jason

>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>

/*  Jason S. Cash  IT/Network and Systems Services
       University of Delaware, Newark Delaware
         e:cash at udel.edu  v: 302-831-0461           */



More information about the unisog mailing list