Re: Blaster Recurrence

From: Neil Anderson (
Date: 02/02/04

  • Next message: Craig Bumpstead: "Type od DDoS in MyDoom????"
    Date: Mon, 2 Feb 2004 20:35:18 +0000

    Our company and some of our clients had several occurrences of Blaster
    re-appearing on patched machines after the first patch - we had to re-patch
    with an updated patch.

    We found that the most direct route for infection was remote users with
    laptop/VPN/no firewall... Try restricting remote access and I would get
    those infected machines off the network, re-installed and patched *before*
    reconnection to the network, but that's stating the obvious ;)

    Also, if you can, shut down all currently unused switch ports so that foreign
    machines can't be connected without you knowing. If you get someone who has
    to connect a foreign machine, scan it first.

    Hope this helps.


    Network Engineer.

    On Friday 30 January 2004 17:54, E. Jimmy Allotey wrote:
    > I am seeing some new occurrences on reformatted machines on my network.
    > They appeared on machines which were reformatted and connected to the
    > network before installation of patches and anti-virus software
    > (idiots!!!!) We have checked all the other machines here which were
    > unaffected and they are fine.
    > Our perimeters are blocked on all the named ports and yet the beast
    > managed to get in....
    > For fear of sounding stupid, does anybody have any ideas??
    > E. Jimmy Allotey
    > Network & Systems Security Engineer
    > Tel: +233 24 310 788