Dailydave mailing list archives
RE: Port 445, BB-style security news services,
From: "Edward Ray" <support () mmicman com>
Date: Sat, 25 Jun 2005 08:35:39 -0700
Reading articles like these makes me want to start my own security blog...

You have to look at your audience here. While I am surprised that E-week would pick up on this FUD, this is what Gartner makes its money on. Some CIO who is paying oodles of money for access to Gartner's reports and advice will look and see that his security devices are in the "Magic Quadrant" and thus his/her network is safe.

What is even more amusing is the "Magic Quadrant" that I hear quoted by vendors and Gartner alike. I think my Tipping Point IPS and Netscreen devices are/were in the Magic Quadrant. Whew, what a relief :)

This article has been repeated on vunet and elsewhere. At least some other sources bring a little sanity. From http://isc.sans.org:

"... several readers sent us their thoughts on the recent spike in tcp/445 traffic. The general consensus seems to be that there was no wide-spread Internet attack or scans. Others postulated that some locations might have been victims of "routine" scans on ports that are listed in the monthly Microsoft security advisories. Another thought was that what Symantec (and later the US-CERT and Gartner) reported was really based on increased bot activity. Regardless, we did not see any significant increases in the DShield database on tcp/445 but will continue to monitor the situation."

Edward W. Ray

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave Aitel
Sent: Friday, June 24, 2005 8:51 AM
To: dailydave
Subject: [Dailydave] Port 445, BB-style security news services,

http://www.eweek.com/article2/0,1759,1830698,00.asp

Ok. I had to forward this. Because it made us laugh out loud here at Immunity HQ, and I figured it might give a few of you giggles too. Normally I don't just repost news articles, but this one is more of a spoof on a news article than an actual news article itself.

"An ominous increase in sniffing activity on TCP Port 445 could signal an impending mass malicious code attack targeting a recently patched Microsoft vulnerability, according to a warning from security researchers."

"Port scanning is an activity that may be indicative of an attempt to discover attack vectors against any vendor product and is not an activity unique to Microsoft products," she added. She said software engineers at Redmond would continue to analyze and monitor for any malicious activity but stressed that she was not aware of any customers being attacked via sniffing against TCP Port 445 and have not received any indication of malicious activity associated with MS05-027.

"John Pescatore, VP of security research at Gartner Inc., said the reports of increased sniffing on Port 445 are a "serious concern for enterprise security managers" because such activity usually means a mass attack is imminent."

This is the sort of article that could be autogenerated Bloomberg-style. A couple weeks ago Justine was looking into Immunity developing a Bloomberg-like device for security-specific news. Something marketed towards Stephen Scharf (the current CSO of BB) and people like him who don't have time to go click everywhere to learn what they need. Plus, scrollies look cool.

I think the idea was to do it as a Buzzword-compliant JNXA web application that was distributed as a portable touchscreen device, hooked into Verizon's EDGE network so you wouldn't have to configure it at all or hook it up to your network. Ideally there'd be modules for various channels - things like IRC where you could connect all the Financial CSOs together and have them discuss their ongoing issues, if an emergency pops up. And of course, the ongoing news of the security world, sorted automatically by an automated filter.

We might still do it since I think we could beat AT&T at the game handily, although I don't think articles like the above one would make it through the filter.
:>
-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Port 445, BB-style security news services, Dave Aitel (Jun 24)
- RE: Port 445, BB-style security news services, Edward Ray (Jun 25)
- Re: Port 445, BB-style security news services, Steve Lord (Jun 25)
- RE: Port 445, BB-style security news services, Edward Ray (Jun 25)