Message-ID: <Pine.GSO.4.43.0307281130270.2029-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: DCOM RPC exploit (dcom.c)
[SNIP]
> This is simply and plainly false. I don't know why people can't seem to
> grasp this. I know of several major corporations who not only had
> 1434/UDP blocked at the firewall but also on a number of internal
> routers *and* had aggressive patching programs, and they *still*
> suffered from Slammer. All it takes is *one* infected box *inside* the
> network to negate all the hard work you've done trying to keep the worm
> out.
>
> When you have 150,000 machines worldwide, having 1% of those unpatched
> (which is a 99% *success* rate) means you have 1500! vulnerable
> machines. Most situations that I'm familiar with were in the tens - not
> even the hundreds - but it only took 10 or 15 machines to take down the
> entire network due to the nature of that worm. 10 or 15 boxes
> represents 1/100th of a percent of the total, yet that small number
> could completely destabilize a network and cause untold hours of work for
> the admins and networking staff.
>
Granted, a lot of companies and most gov and edu sites seem to not know how
to prevent a system from joining the network without first being audited
to ensure it complies with the site's security policy. And for those
organizations, this posting by Paul rings true. Those sites that have
stringent security policies and a means of enforcement of those policies
in place, do not face these problems, especially each and every time a new
sploit comes out.
Certainly worked for the groups I was associated with at NRTLE a few years
back, and their being spread globally, due to many acquisitions, as well
as having a variety of OS's to contend with, certainly had the numbers of
users and systems that seems to make many admins shudder at trying to
manage. If the tools did not exist to do what we needed to do, we ended
up building our own. We do much the same at the present location I work
in. Though I have to admit, maintaining M$ is someone else's headache here
and was at Nortel. But, some folks seem to handle it better than others.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.