Firewall Wizards mailing list archives
Re: worm + VPN + firewall
From: Carric Dooley <carric () com2usa com>
Date: Sat, 16 Aug 2003 12:55:52 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have worked with a client that started getting RPC scans from their VPN range the day the worm was released. Luckily they had patched most of their systems. I agree that the VPN segment should be DMZ'd, but typically those users have acess to NetBIOS so they can map shares, etc. If you didn't patch, you are hosed on this one. Lots of people didn't learn from Nimda. On Fri, 15 Aug 2003, R. DuFresne wrote:
On Wed, 13 Aug 2003, Mordechai T. Abzug wrote:Has anyone had a user's external Blasterized system that VPNd past a firewall and compromised an internal network? It would be nice to have conrete examples for the "VPNs should terminate outside firewalls" argument.While I have not heard direct claims of such kinds of infections so far with the msblaster episode, there have been issues noted with roadwarriors coming into the office and their laptops, already infected, spreading their sickness throughout the LAN. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Made with pgp4pine 1.75-6 iQA/AwUBPz5iJ1UqWOkDpMZ2EQLi8wCgxGSDrL17Edrv9AQYWeN5wd9r8RcAn2cI QE5vtcciP1FIVJn4WHeG2V1l =DivY -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- worm + VPN + firewall Mordechai T. Abzug (Aug 15)
- Re: worm + VPN + firewall R. DuFresne (Aug 15)
- Re: worm + VPN + firewall Carric Dooley (Aug 17)
- Re: worm + VPN + firewall R. DuFresne (Aug 18)
- Re: worm + VPN + firewall Paul Robertson (Aug 18)
- Re: worm + VPN + firewall Bennett Todd (Aug 18)
- Re: worm + VPN + firewall Carric Dooley (Aug 17)
- Re: worm + VPN + firewall R. DuFresne (Aug 15)
- RE: worm + VPN + firewall lordchariot (Aug 15)
- <Possible follow-ups>
- RE: worm + VPN + firewall Ames, Neil (Aug 15)
- RE: worm + VPN + firewall Steve Evans (Aug 15)