Security Incidents mailing list archives
Re: Q328691 ?
From: Jon <warchild () spoofed org>
Date: Fri, 6 Sep 2002 19:21:15 -0400
There's been some discussion at the link below. One person says he's been aware of this for a number of weeks, and that weak passwords may be playing a part.

http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=12009443&m=6340983235

If it is simply an attack against machines with weak and/or nonexistent passwords on administrative accounts, frankly I'm not surprised in the least. We all know of large networks who were very lenient regarding the access to the standard web ports. The likes of CodeRed, Nimda, and their spawn have changed things quite a bit. It took incidents of such a magnitude to get things cleaned up.

I certainly can't speak for all providers, but for every provider that I know of that does block in/outbound netbios traffic, I can name 2 that don't. I understand that blocking said traffic can have a negative impact on productivity and whathaveyou, but I also have a pretty good understanding of what risk *not* blocking this traffic poses. I know I'm probably just restating the obvious...

It will be interesting to see what the real cause of these incidents boils down to. If it is indeed an attack against weak passwords, this is obviously nothing new and the same attack could trivially be mounted against weak administrative passwords on UNIX boxen via ssh, telnet, or your program of choice. On the other hand, if the cause is some yet-to-be-disclosed bug, the problem could go any number of directions.

My $.03.

Cheers and good luck,

-jon

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com