Full Disclosure mailing list archives

Re: SQL Slammer - lessons learned


From: David LaPorte <david_laporte () harvard edu>
Date: Mon, 10 Feb 2003 10:23:08 -0500

Not sure if this is dated (I'm not an AT&T customer), but AT&T was filtering 
port 80 as a result of Code Red.  This document leads me to believe it will 
continue indefinitely.

http://help.broadband.att.com/faq.jsp?content_id=792&category_id=54

(you need to choose your state and choose Broadband Internet)

David

On Monday 10 February 2003 09:48, Schmehl, Paul L wrote:
-----Original Message-----
From: John.Airey () rnib org uk [mailto:John.Airey () rnib org uk]
Sent: Monday, February 10, 2003 4:24 AM
To: guninski () guninski com; Schmehl, Paul L
Cc: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] SQL Slammer - lessons learned

Code Red/Nimda have fizzled out (probably still some infected
machines out there), since it is possible to block ports below
1024.

Huh?  Our IDSes detect both Code Red I, II and III and Nimda every day,
as does my Wormcatcher.  I don't know *anyone* who is blocking port 80.
Do you?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
David LaPorte, CISSP
Senior Network Security Engineer
Harvard University Information Services NOC
-----------------------------------------------
Email: david_laporte () harvard edu
  PGP: 0x4DC3E508
       4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508

