Re: Microsoft's Early Xmas Present.

From: Brett Glass (
Date: 01/03/02

Date: Thu, 03 Jan 2002 12:10:23 -0700
To: John Sage <>, Steve Stearns <>
From: Brett Glass <>

At 10:01 AM 1/3/2002, John Sage wrote:

>The issue of dialups as an underlying base of infected, unpatched hosts is underappreciated, IMHO..
>As an examle of the scope of the problem, at home I'm on a dialup to AT&T through their Seattle WA pop, with a dynamic IP in the 12.82.x.x range of AT&T's 12.x.x.x class A.

We NAT our transient (as opposed to full-time) dialups for this
reason: It protects users from all such attacks. Users who run
servers are, of course, expected to know more about what they're
doing. However, we do our best protect them as well; our log monitor
firewalls worms out of the network as soon as they are detected.


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: