sasser virus (was Re: [unisog] student fees for cleaning.)
Jason S. Cash
cash at UDel.Edu
Fri May 7 21:20:50 GMT 2004
On Fri, 7 May 2004, Peter Van Epp wrote:
> While I'm not from the U of Utah, sasser here was a non event. There
> were 5 or 7 machines hit last week sometime in one day and then 1 and 2s as
> people bring in laptops or dial in from home among our 8,000+ machines.
> Ports 135, 137, 139, 445 are blocked in and out at the border (and
> attempting to scan out is logged and whacked) is presumably the reason why
> we didn't see a large number of infections. 500 or so machines (and several
> months of recovery) from blaster may have also helped convince those
> responsible for the machines that 1) an infection will get caught and network
> access will be removed, and 2) the pain of 1) isn't worth it :-). Thanks to
> you kind beta testers on unisog they also got several warnings that sasser
> was coming.
> Argus outside my border isn't even seeing an abnormal amount of
> scanning from external sources.
Do you have any stats on the number of computers on your campus that
were/are unpatched and vulnerable to LSASS exploits?
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
> unisog mailing list
> unisog at lists.sans.org
/* Jason S. Cash IT/Network and Systems Services
University of Delaware, Newark Delaware
e:cash at udel.edu v: 302-831-0461 */
More information about the unisog