Re: Unicode worm?

From: Jonathan Rickman (jonathan@xcorps.net)
Date: 08/23/02

Previous message: seren geti: "BAD TRAFFIC 0 ttl"
In reply to: Kurt Seifried: "Re: Unicode worm?"
Next in thread: Deus, Attonbitus: "RE: Unicode worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 22 Aug 2002 21:50:53 -0400 (EDT)
From: Jonathan Rickman <jonathan@xcorps.net>
To: <incidents@securityfocus.com>

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 21 Aug 2002, Kurt Seifried wrote:

> Make sure your servers are patched before they go online and if you're like
> me find someone nice to have dinner with and forget about it. There are much
> better things to do in life then worrying about the latest (or not so
> latest) windows worm.

I agree. It looks like someone has just whipped up a script to scan for
the vulnerability, possibly loosely based on the Nimda code. Not much to
be concerned with if you're patched. Not much you can really do about it
anyway. Lately, I've been just dropping all traffic from Korea and
surrounding areas. No offense to anyone, but it seems that anything
registered with APNIC should be under close scrutiny. Korean networks in
particular appear to be the armpit of the net. I have no need to
allow communication with them, so I just save myself the trouble and
filter it out.

- --
Jonathan Rickman
X Corps Security
http://www.xcorps.net

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQEVAwUBPWWVDDTwrX0N9QH/AQFFxQgA1W3HTWh8KBJV+3a1NE5PSSchbXCTrgos
DEngFxZYtsZyTvB9ssvMdMXG6jhGRZhYWjC5rbEOKzkDT2oTI8bN9HY/L6PRLaAx
UmY/Sd/hrA2fxZ8tta6IBWtXSbNntvP5uS5bZ/wYCB5TFE8RgW+04glQgTrQd/QW
ReGasW8xzvk3NaMzVISoos90aZrjjTP7CTt9y8PmH0gFzsRajt1Okzr7AyIYWM3o
GlIvWTUBrS4p3gUcW7pnDI39NPMmyE8pBe+yMYg9POnd7wyXsug/eswYEXQe8kDR
9x1Vuu6knqnnnyElBF8UNq96ZEFb79g74vNUIVylYKy0DZJ8ZReo/Q==
=e72P
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: seren geti: "BAD TRAFFIC 0 ttl"
In reply to: Kurt Seifried: "Re: Unicode worm?"
Next in thread: Deus, Attonbitus: "RE: Unicode worm?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Exchange 5.5 maintenance
... the online maintenance will happen automatically (correct me ... couple of 2000 and 2003 servers, but they are member servers, not DCs. ... Hard drive storage is not really an issue in this case. ... ABCO Automation, Inc. ...
(microsoft.public.exchange.admin)
Re: TS 2003 and Event ID 333
... eventid.net and most relevent info I can find online. ... version of certain system dlls as recommended in different posts online. ... The registry and and boot.ini settings were all fine prior to April so I ... I have 3 Windows 2003 servers running TS for remote desktop use. ...
(microsoft.public.windows.terminal_services)
Re: NR2003 "New Guy" What do I need?
... 198x era "aero war" mod that uses the Trucks physics and setups. ... ago (assumed maybe you were online back then by your post?) Where you pay ... server fees BTW, OLR's servers are private though, so there is a trade off). ... To some of us it is nicer than through the free sierra system at times, ...
(rec.autos.simulators)
Re: Where to play Backgammon now?
... I am an intermediate player and have learned the game online. ... Really loved to play there. ... I got in touch with existing servers, ... external advice ...
(rec.games.backgammon)
Re: How to disallow group policies on windows 2000 servers
... Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. ... > of the servers from running the GPO, ... >> Windows Platform Support Team ...
(microsoft.public.win2000.active_directory)