sasser virus (was Re: [unisog] student fees for cleaning.)

Butler, Kevin D butlerkevind at uams.edu
Mon May 10 21:34:33 GMT 2004


Ok, I demand that you mass produce whatever crystal-ball appliance you
are using for mass consumption pronto. Well, we're down to less than 70
machines that are identified as being vulnerable. Has anyone had any
instances of the "E" variant of Sasser rear its ugly head on them??

Kevin D. Butler, MCP
Network Security Engineer
University Of Arkansas for Medical Sciences
4301 West Markham, Slot 637
Little Rock, Arkansas 72205
+1 (501) 526-6391 - Wk
+1 (501) 405-8240 - Pgr
5014058240 at pageme.teletouch.com - Text Pgr
 
"I've seen things you people wouldn't believe...moments lost in
time...like tears in rain." 
Blade Runner 20th Anniversary...June 25th, 2002 

"The man who does not read good books has no advantage over the man who
cannot read them." -Mark Twain (1835-1910)
 
-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Peter Van Epp
Sent: Monday, May 10, 2004 2:44 PM
To: UNIversity Security Operations Group
Subject: Re: sasser virus (was Re: [unisog] student fees for cleaning.)

	I may have stumbled across why we missed the sasser worm: It appears
I blocked ports 1025, 2745, 3137 and 6129 at the border unless they were
established from inside. Since I don't remember doing this, it was well
before the sasser scare :-). That may or may not have made the difference
here (it wouldn't affect internal infections though).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog


