nanog mailing list archives
Re: management interface accessability (was Re: Worm / UDP1434)
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Sun, 26 Jan 2003 12:52:53 -0500
Therein lies the rub. I'm curious -- every medium or large company I'm aware of had Code Red on the inside of the firewalls. What happened this time? Did it get inside? If so, has anyone analyzed how?
I haven't seen any wide spread behind the firewall exposure so far. I think unlike code red / nimda, there are a few factors that help: - most people with firewall block 1434. This is not true for port 80, as the web server is usually intended for the public. - the worm is memory resident. Road warriors that are infected at home or while traveling are unlikely to introduce this worm into the company LAN as they come to work on Monday. - this worm only uses port 1434 UDP. Nimda made it past a lot of firewalls and NAT devices by spreading via e-mail and web clients. -- -------------------------------------------------------------------- jullrich () euclidian com Collaborative Intrusion Detection join http://www.dshield.org
Current thread:
- Re: management interface accessability (was Re: Worm / UDP1434) Steven M. Bellovin (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Johannes Ullrich (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Rob Thomas (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Chris Lloyd (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Stephen J. Wilcox (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Chris Lloyd (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Iljitsch van Beijnum (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Rob Thomas (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Christopher L. Morrow (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Rob Thomas (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Christopher L. Morrow (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Rob Thomas (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) E.B. Dreger (Jan 26)
- Re: management interface accessability (was Re: Worm / UDP1434) Johannes Ullrich (Jan 26)