Full Disclosure mailing list archives
Re: another new worm submission
From: Ron DuFresne <dufresne () winternet com>
Date: Sat, 5 Jun 2004 17:38:11 -0500 (CDT)
[SNIP]
How are these systems getting compromised? Why don't you have this patch deployed yet? Why are these systems reachable from the Internet over port 445?

For someone who knows nothing about his network, you sure are willing to make a lot of assumptions. You admit you don't know how the systems were compromised and you don't know what compromised them, yet you castigate him for leaving port 445 open and not patching and you assume this happened *remotely*?
[SNIP]
You're right, I made an assumption that the systems were being compromised remotely rather than being deliberately and maliciously hacked by insiders. Would this somehow be less of a problem? Having systems with routable addresses reachable through port 445 is the most likely avenue of compromise; if this is not the case, then Josh would be well advised to determine exactly what is going on with his network.

Agreed here, anyone sitting with exposed Windows-specific ports on the insecure Internet <e.g. 445, 135-139, udp as well as tcp, etc> is pretty much deserving of what hits them these days. Without tackling that side of the coin, it's going to be pretty hard for these folks to determine if the troubles they are facing are internal or not. Without control of the perimeter choke point, how can one even think to start to look at controls of the whole danged wire inside? Perhaps we need to adapt personal firewall day to a monthly thing for the next 5 years or more to help these clueless souls.

[SNIP]

Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html