[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0EBC45FCABFC95428EBFC3A51B368C95513900@jessica.herefordshire.gov.uk>
From: prandal at herefordshire.gov.uk (Randal, Phil)
Subject: RE: Probable new MS DCOM RPC worm for Windo
ws
Why not? Easy enough to check in a login script if you're using something
like Kixtart (www.kixtart.org).
Cheers,
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: Schmehl, Paul L [mailto:pauls@...allas.edu]
> Sent: 26 September 2003 15:33
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] RE: Probable new MS DCOM RPC worm for
> Windo ws
>
>
> > -----Original Message-----
> > From: Gary Flynn [mailto:flynngn@....edu]
> > Sent: Friday, September 26, 2003 8:06 AM
> > To: 'full-disclosure@...ts.netsys.com'
> > Subject: Re: [Full-Disclosure] RE: Probable new MS DCOM RPC
> > worm for Windo ws
> >
> >
> > I would think a better way of determining if a patch is
> > actually installed on a system is by examining the files on
> > the system rather than to depend upon symptoms (scanners) or
> > installation logs (registry entries).
>
> True, but *I'm* not going to physically touch (or even
> virtually touch)
> 2000+ machines looking at file properties. Are you?
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists