Security Incidents mailing list archives
Re: Microsoft's Early Xmas Present.
From: Ryan Russell <ryan () securityfocus com>
Date: Sat, 29 Dec 2001 22:04:14 -0700 (MST)
On Fri, 28 Dec 2001, Jay D. Dyson wrote:
Normally I wouldn't be sending this out, but I figure folks need to be aware and wary, considering the origin of this intrusion attempt. I received an early Xmas present from Microsoft. No, I didn't get XP, nor did I get the latest Office software suite. I got a Nimda intrusion attempt.
A tracert would seem to confirm: 14 43 ms 46 ms 45 ms msftlabs-gw.customer.ALTER.NET [157.130.176.46] 15 47 ms 46 ms 47 ms 208.217.184.1 16 48 ms 47 ms 46 ms 192.168.1.1 17 * * * Request timed out. That, and an apparant NAT box of some sort. Which means that it's on some sort of inside net, and running rampant over the weekend. Ouch. But, having worked at a large software company myself in the past, there's really no reason to think that your average desktop self-admin is going to know any better. If anything, it highlights how inadequate expecting normal people to keep up on patches is. I'm starting to think more and more that a 3-month expiration date on Windows is a good idea. If you haven't patched in 3 months, then your machine will refuse to do anything but download patches... Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Microsoft's Early Xmas Present. Jay D. Dyson (Dec 29)
- Re: Microsoft's Early Xmas Present. Ryan Russell (Dec 30)
- <Possible follow-ups>
- Re: Microsoft's Early Xmas Present. mcoleman (Dec 30)
- Re: Microsoft's Early Xmas Present. Jay D. Dyson (Dec 30)
- Re: Microsoft's Early Xmas Present. Valdis . Kletnieks (Dec 31)