Code Red - internal meltdowns
From: Russ <Russ.Cooper@RC.ON.CA>
Date: Wed, 8 Aug 2001 11:56:02 -0400
Subject: Code Red - internal meltdowns
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Message-ID: <E9A01F52DC939448BBDE44ED2E1C468F167C51@muskie.rc.on.ca>
A lot of organizations have been focusing on preventing Code Red from
coming through their Internet gateways, while forgetting other
methods of infection.
Windows 2000 Professional on laptops usually has hibernation enabled.
If Personal Web Server (which is IIS) is installed, and the laptop
gets connected to the Internet from home or another company's office,
it can easily become infected. Since it's memory resident, if
hibernation is used during travel back to the office, as soon as the
machine is brought up it can start emitting attacks on your internal
network.
This is true for all variants known to date.
So don't believe your internal network is secure just because you
block port 80 at your router/firewall. More than a few internal
networks have been infected with Code Red, likely for this reason. If
Code Red has access to a LAN to propagate, it doesn't take long for
it to saturate it.
Also remember your VPN connections, both your own employees and any
you might have with partners. They often work both ways, more often
than not with only a little filtering (if at all). Home workers might
very well have several computers behind their NAT'd gateway, all may
also be able to pump traffic out the VPN (depending on how it's
configured). Scanning your own internal address space may not be
sufficient to identify all of the possibly infectable machines.
Is little Johnny's computer (W2K Pro?) at the CEO's home continually
re-infecting your internal network over daddy's VPN?
Time to take stock of all of the possibilities...it might even help
you get some of your policies effected!
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
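The laptop and VPN paths described in the message above can be watched for in firewall logs. The following is an added example, not part of the original post: it counts distinct TCP/80 destinations per internal or VPN source and reports the zone each noisy source sits in. The log layout, address ranges and threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed address plan (hypothetical); the zone tells you who has to follow up.
ZONES = {
    "lan": ipaddress.ip_network("10.1.0.0/16"),
    "employee-vpn": ipaddress.ip_network("10.8.0.0/16"),
    "partner-vpn": ipaddress.ip_network("172.16.40.0/24"),
}
FANOUT_THRESHOLD = 5  # distinct TCP/80 destinations per source; assumed, tune per site
# Assumed firewall log layout: "... src=<ip> dst=<ip> proto=tcp dport=<n>"
LINE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=tcp dport=(?P<dport>\d+)")

def zone_of(addr):
    """Name of the internal/VPN zone holding addr, or None if it is not ours."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), None)

def port80_fanout(lines, threshold=FANOUT_THRESHOLD):
    """Map each internal or VPN source that contacted at least `threshold`
    distinct hosts on TCP/80 to (zone, distinct destination count)."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m or m["dport"] != "80":
            continue
        try:
            if zone_of(m["src"]) is None:
                continue  # source outside our ranges: the gateway's problem
        except ValueError:
            continue  # malformed address in the log line
        seen[m["src"]].add(m["dst"])
    return {src: (zone_of(src), len(dsts))
            for src, dsts in seen.items() if len(dsts) >= threshold}

def sample_log():
    """Constructed log lines, not captured traffic."""
    fmt = "2001-08-08T09:00:00 src={} dst={} proto=tcp dport={}"
    log = [fmt.format("10.1.4.77", f"10.1.{i}.{i * 3}", 80) for i in range(1, 9)]  # woken laptop
    log += [fmt.format("10.8.0.23", f"10.1.20.{i}", 80) for i in range(1, 7)]      # home PC over VPN
    log += [fmt.format("10.1.2.10", "10.1.0.5", 80)] * 10                          # normal intranet use
    log += [fmt.format("203.0.113.5", f"10.1.0.{i}", 80) for i in range(1, 20)]    # external, ignored
    log.append(fmt.format("10.1.4.77", "10.1.99.1", 445))                          # other port, ignored
    return log

if __name__ == "__main__":
    for src, (zone, count) in sorted(port80_fanout(sample_log()).items()):
        print(f"{src} ({zone}): {count} distinct TCP/80 destinations")
```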