Security Incidents mailing list archives

Re: Blaster Recurrence

From: GertJan Hagenaars <incidents () hagenaars com>
Date: Tue, 2 Mar 2004 15:19:11 -0500

Apparently, Matthew Pope wrote:
% E. Jimmy Allotey wrote:
% 
% >Thanks to all for your help. I have traced it down to a user who has
% >been on study leave since the day after the blaster hit and whose office
% >was locked so the machine could not be disinfected.
% 
% Mr. Study-leave should study security while on leave.  Physically 
% locking one's office (with no key for others) where a PC is powered on 
% and connected to the network is just a tad sub-optimal for network security.

It just means that you walk by the computer room to unplug his network
drop on your way back to your desk (and then you turn that into a policy
for anyone who's away for more than two days).

Alternatively, if you have VLAN capability, you can do it _from_ your desk.

Alternatively, you can assign it a non-routable IP address via DHCP.

Alternatively, you can break into the box and shut it down (obviously,
it has at least one security hole).

Alternatively, you can get someone from building maintenance with a
master key to open the door for you so you can impound the PC.

Soo many choices, so little time...

CHeers,
GertJan.

-- 
+++++++++++++ -------- +++++ --- ++ - +0+ + ++ +++ +++++ ++++++++ +++++++++++++
sed '/^[when][coders]/!d         G.J.W. Hagenaars -- gj at hagenaars dot com
    /^...[discover].$/d          Remembering Mike Carty 1968-1994
   /^..[real].[code]$/!d         UltrixIrixAIXHPUXSunOSLinuxBSD, nothing but nix
' /usr/dict/words                I'm Dutch, what's _your_ excuse?

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------

Current thread:

Re: Blaster Recurrence Matthew Pope (Mar 02)
- Re: Blaster Recurrence GertJan Hagenaars (Mar 03)
  - Re: Blaster Recurrence Valdis . Kletnieks (Mar 03)
- <Possible follow-ups>
- RE: Blaster Recurrence Jeff McLaughlin (Mar 02)