Re: Microsoft's Early Xmas Present.

From: Brett Glass (brett@lariat.org)
Date: 01/03/02


Date: Thu, 03 Jan 2002 12:10:23 -0700
To: John Sage <jsage@finchhaven.com>, Steve Stearns <sterno@bigbrother.net>
From: Brett Glass <brett@lariat.org>

At 10:01 AM 1/3/2002, John Sage wrote:

>The issue of dialups as an underlying base of infected, unpatched hosts is underappreciated, IMHO..
>
>As an examle of the scope of the problem, at home I'm on a dialup to AT&T through their Seattle WA pop, with a dynamic IP in the 12.82.x.x range of AT&T's 12.x.x.x class A.

We NAT our transient (as opposed to full-time) dialups for this
reason: It protects users from all such attacks. Users who run
servers are, of course, expected to know more about what they're
doing. However, we do our best protect them as well; our log monitor
firewalls worms out of the network as soon as they are detected.

--Brett

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com