Firewall Wizards mailing list archives

RE: SSL


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 18 Oct 2001 20:38:48 -0400 (EDT)

On Wed, 17 Oct 2001, Bruce Platt wrote:

> Regarding Nimda: One way that Nimda infects others is to present a small
> JavaScript to the browser which passes window.open("readme.eml").
>
> If you are running a vulnerable version of a browser, Outlook, and do not
> have security set in that and aren't running up-to-date antivirus
> definitions, then the machine running the browser gets infected.  A simple
> thing to do is to disable JavaScript in your browser and in Outlook.


This was enlightening, more so than what I'd read and seen previous to
going over this, thanks.

Reading through the document, it seems perhaps one can block the infection
of Nimda by not letting tftp traffic through?!  Would others agree this
would be a way to block infections under the SSL schema Gary outlined?

Two further tags one might well key on would be the Admin.dll and
README.EML files this worm tries to push out.  This is all assuming of
course that the attack vector does not traverse the SSL path to the
infected server, which I did not see anything to indicate such in the pdf
document.

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
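
An added example, not part of the original message: a Python script that scans logs for the two things the message proposes keying on, TFTP traffic and requests for the Admin.dll or README.EML files. The key=value log format, its field names and the sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Indicators named in the message above: the two file names and TFTP (UDP/69).
NIMDA_FILES = {"admin.dll", "readme.eml"}
TFTP_PORT = 69

# Constructed sample lines in a made-up key=value format (not real logs).
SAMPLE_LOG = """\
type=fw proto=udp src=10.0.0.5 dst=192.0.2.10 dport=69 action=allow
type=fw proto=tcp src=10.0.0.5 dst=192.0.2.10 dport=69 action=allow
type=fw proto=udp src=10.0.0.7 dst=192.0.2.53 dport=53 action=allow
type=http src=10.0.0.8 url=http://www.example.com/scripts/Admin.dll
type=http src=10.0.0.9 url=http://www.example.com/README.EML?x=1
type=http src=10.0.0.9 url=http://www.example.com/docs/readme.eml.txt
type=http src=10.0.0.9 url=http://www.example.com/a/%52eadme.eml
"""

def parse_line(line):
    """Split 'k=v k=v' into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def url_basename(url):
    """Last path segment, percent-decoded and lower-cased; query dropped."""
    path = unquote(urlsplit(url).path)
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify(rec):
    """Return a reason string if the record matches an indicator, else None."""
    if rec.get("type") == "fw":
        # TFTP runs over UDP, so TCP/69 is deliberately not flagged.
        if rec.get("proto") == "udp" and rec.get("dport") == str(TFTP_PORT):
            return "tftp"
    elif rec.get("type") == "http":
        name = url_basename(rec.get("url", ""))
        if name in NIMDA_FILES:  # exact basename match, any letter case
            return "file:" + name
    return None

def scan(text):
    """Return a list of (source address, reason) for every matching line."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        reason = classify(rec)
        if reason:
            hits.append((rec.get("src"), reason))
    return hits

if __name__ == "__main__":
    for src, reason in scan(SAMPLE_LOG):
        print(src, reason)
```
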



