Educause Security Discussion mailing list archives

Re: Slammed by the SASSER?

From: Eric Pancer <epancer () SECURITY DEPAUL EDU>
Date: Fri, 8 Oct 2004 00:34:26 -0500

Monte Schmeiser wrote on Thu, 2004-10-07 at 22:14:24 -0700...

Does anyone have any initial thoughts on what might be going on and how
we should attack this problem.  At this point we are just going to
continue cleaning and patching workstations but are stumped with the
Exchange problem.


Can you take a sample of machines and put them into a network with a
transparent bridge just upstream? Then you can watch all network
traffic and get a sense of whats going on from that small sample.
Post your flows and we can assist more.

--
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Slammed by the SASSER? Monte Schmeiser (Oct 07)
- <Possible follow-ups>
- Re: Slammed by the SASSER? Eric Pancer (Oct 07)
- Re: Slammed by the SASSER? Monte Schmeiser (Oct 07)
- Re: Slammed by the SASSER? James Riden (Oct 08)