nanog mailing list archives
Re: management interface accessability (was Re: Worm / UDP1434)
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Sun, 26 Jan 2003 18:50:36 +0000 (GMT)
On Sun, 26 Jan 2003, Chris Lloyd wrote:
> On Sun, Jan 26, 2003 at 12:08:07PM -0600, Rob Thomas wrote:
>
> > Just a point here: Many road warriors are work-at-home folks who have their computers on 24x7. They may be infected, and will fire up their VPN tunnels Monday morning. This may introduce the worm into the chewy center of many corporate networks. Hopefully folks have put the proper filters in place on their VPN access points.
>
> Personally, I think it's unlikely the situation will get worse on Monday because of people starting work. The first reason is that you can only get infected if you're running SQL server (or MSDE) at home and someone sends you one of the special packets. The second reason is that you, if you're infected, send the packets to random IP addresses, and not only do you have to randomly choose an address on the corporate LAN, but it has to be a machine running SQL server. To my mind the probability of all these things being the case is microscopic!
My observation was that the target IPs are not random and that local IPs were hit more often (same /16 more than /8 more than all /0) .. a la Codered.

Steve