Re: Best way to filter "Nachi pings"?
From: Brett Glass (brett_at_lariat.org)
Date: 10/27/03
- Previous message: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Maybe in reply to: Brett Glass: "Best way to filter "Nachi pings"?"
- Next in thread: Gaspar Chilingarov: "Re: Best way to filter "Nachi pings"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Oct 2003 06:20:55 -0700 To: Ross Wheeler <rossw@albury.net.au>, Jason Stone <freebsd-security@dfmm.org>
At 04:23 AM 10/27/2003, Ross Wheeler wrote:
>The "best" option is to actively monitor for this worm (its NOT difficult,
>a few lines of awk and tcpdump does fine here), *DETECT* the worm on your
>customers machine, mail them, mail your support team and BOOT THEM.
That's assuming it's your customer. We're being flooded from OUTSIDE.
There seem to be approximately one zillion hacked Windows machines
out there, and zero inside our networks (because we're blocking the
appropriate ports). We've had only one infection behind that particular
router, and it came when someone brought in a laptop that had been
connected elsewhere.
--Brett
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Maybe in reply to: Brett Glass: "Best way to filter "Nachi pings"?"
- Next in thread: Gaspar Chilingarov: "Re: Best way to filter "Nachi pings"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
