[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F6006B@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: SQL Slammer - lessons learned
-----Original Message-----
From: John.Airey@...b.org.uk [mailto:John.Airey@...b.org.uk]
Sent: Monday, February 10, 2003 4:24 AM
To: guninski@...inski.com; Schmehl, Paul L
Cc: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] SQL Slammer - lessons learned
>
>Code Red/Nimda have fizzled out (probably still some infected
>machines out there), since it is possible to block ports below
>1024.
Huh? Our IDSes detect both Code Red I, II and III and Nimda every day,
as does my Wormcatcher. I don't know *anyone* who is blocking port 80.
Do you?
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
Powered by blists - more mailing lists