Firewall Wizards mailing list archives
RE: SSL
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 18 Oct 2001 20:38:48 -0400 (EDT)
On Wed, 17 Oct 2001, Bruce Platt wrote:
Regarding Nimda: One way that Nimda infects others is to present a small java-script to the browser which passes window.open(\"readme.eml\"" . If you are running a vulnerable version of a browser, Outlook, and do not have security set in that and aren't running up-to-date antivirus definitions, then the machine running the browser gets infected. A simple thing to do is to disable java script in your browser and in Outlook.
This was enlightening, more so then what I'd read and seen privious to going over this, thanks. Reading through the document, it seems perhaps one can block the infection of nimda by not letting tftp traffic through?! Would others agree this would be a way to block infections under the SSL schema Gary outlined? Two further tags one might well key on would be the Admin.dll and README.EML files this worm tries to pushout. This is all assuming of course that the attack vector does not traverse the SSL path to the infected server, which I did not see anything to indicate such in the pdf document. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SSL, (continued)
- Re: SSL Frederick M Avolio (Oct 18)
- Re: SSL R. DuFresne (Oct 18)
- Re: SSL teo (Oct 18)
- Re: SSL Patrick M. Hausen (Oct 18)
- RE: SSL Stefan Norberg (Oct 18)
- RE: SSL Bruce Platt (Oct 18)
- RE: SSL R. DuFresne (Oct 18)
- RE: SSL Paul D. Robertson (Oct 20)
- RE: SSL R. DuFresne (Oct 18)
- RE: SSL Scott, Richard (Oct 18)
- RE: SSL Illes Marci (Oct 20)
- RE: SSL Ames, Neil (Oct 18)
- RE: SSL Paul D. Robertson (Oct 20)
- RE: SSL Chad Schieken (Oct 20)
- RE: SSL Dawes, Rogan (ZA - Johannesburg) (Oct 20)
- RE: SSL Bruce Platt (Oct 20)
- RE: SSL Paul D. Robertson (Oct 20)
- RE: SSL Bruce Platt (Oct 20)
(Thread continues...)