Full Disclosure mailing list archives

RE: Worm?


From: "SNOsoft" <simon () snosoft com>
Date: Mon, 16 Jan 2006 00:07:08 -0500

David, 
        I'm tempted to flame you because of the email that you sent, but
instead, I'll be nice. My first word of advice to you is do not send emails
like this to public mailing lists. They advertise either your lack of
technical competence or lack of time to react to an incident.

Questions:

1-) Why didn't your IPS Vendor (assuming that it's a Managed Security
Services Provider) provide you with any payload information (Packet
Capture)? At the very least they should have told you what port this thing
was sending data to/from and what systems it was impacting. If they didn't
provide you with that, find a better MSSP.

2-) Why haven't you sniffed your network and collected any of this traffic
for analysis on your own? If you have then why didn't you provide this to
the list to analyze? 

3-) Last one... How did you not notice "large volumes of traffic" that are
abnormal? Don't you have any type of network traffic monitors in place?

You are after all the Corporate IT Security guy.... Hell... Doesn't this
very email violate your security policy? 

Just my two cents...

-simon



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
Of TheGesus
Sent: Sunday, January 15, 2006 10:38 PM
To: Byrne, David
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Worm?

Our IPS vendor is reporting a number of customers affected by large 
volumes of traffic generated by a worm. Anyone have details?


Thanks,

David Byrne


Same as it ever was... same as it ever was...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




