| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1059320523.1994.45.camel@localhost> From: pauls at utdallas.edu (Paul Schmehl) Subject: DCOM RPC exploit (dcom.c) On Sun, 2003-07-27 at 01:30, Ron DuFresne wrote: > > > > You can't firewall 135 inside your network or you'd have no network. > > but, you can at the outgouing gateway, as well as log the events there to > help in locating inside infections. Slammer and some of the other recent > worms giving a good headsup to folks that filtering is indeed not a one > way proposition. > > ingress as well as egress filtering has been something strongly advocated > for quite sometime. > > > If an internal network gets so infected that it;s clogging the outgooing > gateway chokepoint, then it's time to take that network 'offline' from the > rest of the internet and cleanup. Unless the company line on this is open > all ports and let the rest of the world fend for themselves while we try > and cleanup this mess, which was the decision on a number of places during > recent worm exploits and not limited to slammer. How does *any* of what you've said lessen the pain of having to clean up the mess created by these worms. We block 135 in both directions, but that doesn't stop the worm from forcing us to play whack a mole again, on the inside. Even using SMS, SUS and login scripts to distribute patches *and* an aggressive educational program doesn't guarantee 100% coverage of patches. -- Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists