Security Incidents mailing list archives
Re: Blaster Recurrence
From: Neil Anderson <cleidh_mor () btopenworld com>
Date: Mon, 2 Feb 2004 20:35:18 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Our company and some of our clients had several occurrences of Blaster re-appearing on patched machines after the first patch - we had to re-patch with an updated patch. We found that the most direct route for infection was remote users with laptop/VPN/no firewall... Try restricting remote access and I would get those infected machines off the network, re-installed and patched *before* reconnection to the network, but that's stating the obvious ;) Also, if you can, shutdown all currently unused switch ports so that foreign machines can't be connected without you knowing. If you get someone who has to connect a foreign machine, scan it first. Hope this helps. Cheers, Neil Network Engineer. On Friday 30 January 2004 17:54, E. Jimmy Allotey wrote:
I am seeing some new occurences on reformatted machines on my network. They appeared on machines which were reformatted and connected to the network before installation of patches and anti-virus software (idiots!!!!) We have checked all the other machines here which were unaffected and they are fine. Our perimeters are blocked on all the named ports and yet the beast managed to get in.... For fear of sounding stupid, does anybody have any ideas?? E. Jimmy Allotey Network & Systems Security Engineer Tel: +233 24 310 788 --------------------------------------------------------------------------- --------------------------------------------------------------------------- -
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAHrSJ2h6w8BNEwKYRAuyAAJ9WH+udaCjUjYLdRJm6+7KeoFv9pgCeO6Gl 4y4xE+WDAi0/gxLcU1hofI0= =f/G2 -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Blaster Recurrence E. Jimmy Allotey (Feb 02)
- RE: Blaster Recurrence James C Slora Jr (Feb 02)
- Re: Blaster Recurrence Neil Anderson (Feb 02)
- RE: Blaster Recurrence Dave Paris (Feb 03)
- Re: Blaster Recurrence Nick FitzGerald (Feb 03)
- RE: Blaster Recurrence E. Jimmy Allotey (Feb 03)
- <Possible follow-ups>
- RE: Blaster Recurrence Henderson, Dennis K. (Feb 02)