nanog mailing list archives

Re: Operational impact of filtering SMB/NETBIOS traffic?

From: David Avery <daa () rmi net>
Date: Sun, 19 Nov 2000 21:23:40 -0700


I would hope leased line/colo machines would be better set up, but I am probably
dreaming.

Just for referance I an one of the net/security admins at distributed.net
and there are a number of win* worms running arounf in the wild carrying
the distributed.net client as part of their payload.

So far in the past 3 months ( since the worms appeared) I have logged
over 400,000 unique IP addresses returning data to distributed.net 
from installs created by the worms. We have spot checked a number of 
these IPs and find win9x boxes with open C shares and signs on multiple
infestation including QAZ and other DDoS payloads.

daa
daa () distributed net

Current thread:

Re: Operational impact of filtering SMB/NETBIOS traffic?, (continued)
- - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Adam McKenna (Nov 19)
  - RE: Operational impact of filtering SMB/NETBIOS traffic? Greg A. Woods (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Ethan Butterfield (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer (Nov 19)
  - RE: Operational impact of filtering SMB/NETBIOS traffic? Greg A. Woods (Nov 19)
- Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Stephen J. Wilcox (Nov 19)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 19)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? David Avery (Nov 19)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Jeremy T. Bouse (Nov 19)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Richard Welty (Nov 19)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Mathew Butler (Nov 20)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Shawn McMahon (Nov 20)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 20)
    - Message not available
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Mike Johnson (Nov 20)
    - Re: Operational impact of filtering SMB/NETBIOS traffic? Jim Mercer (Nov 20)
- RE: Operational impact of filtering SMB/NETBIOS traffic? Mathew Butler (Nov 20)
  - Re: Operational impact of filtering SMB/NETBIOS traffic? Bennett Todd (Nov 20)