Re: Would a firewall prevent Sasser worm?

phn_at_icke-reklam.ipsec.nu
Date: 05/05/04


Date: Wed, 5 May 2004 06:08:15 +0000 (UTC)

In comp.security.misc Lars M. Hansen <badnews@hansenonline.net> wrote:
> On Tue, 4 May 2004 18:07:15 +0000 (UTC), phn@icke-reklam.ipsec.nu
> spoketh

>>In comp.security.misc Bill Unruh <unruh@string.physics.ubc.ca> wrote:
>>> Lars M. Hansen <badnews@hansenonline.net> writes:
>>
>>> ]On Tue, 04 May 2004 08:33:32 GMT, Piotr Makley spoketh
>>
>>> ]>If I had a firewall would that prevent the Sasser worm infecting my
>>> ]>PC?
>>> ]>
>>> ]>I mean, if another infected system cannot see my ports because they
>>> ]>are stealthed then presumably Sasser could not infect me?
>>
>>> ]Yes, any firewall that blocks incoming port 445 will prevent infection
>>> ]by the Sasser worm.
>>
>>> Why is port 445 open on his system in the first place?
>>
>>Becouse microsoft has it enabled and vulnerable by default.

> "Vulnerable by default"? What the F*** does that mean? Does that mean

It means the ordinary thing "Its enabled by your vendor, who in their infinite
wizdom thinks that this port should be left open".

The opposit is examplified with FreeBSD that has zero externally reachable
ports outside the box after a "default install" ( default install
is defined as one where all suggestions is accepoted without changes)

> when the next vulnerability for linux are discovered, the Microsoft camp
> can claim that linux are "vulnerable by default"?

You should think before writing.

> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.


Relevant Pages

  • Re: Would a firewall prevent Sasser worm?
    ... >>Becouse microsoft has it enabled and vulnerable by default. ... wizdom thinks that this port should be left open". ... ports outside the box after a "default install" (default install ...
    (comp.security.misc)
  • Re: Would a firewall prevent Sasser worm?
    ... >>Becouse microsoft has it enabled and vulnerable by default. ... wizdom thinks that this port should be left open". ... ports outside the box after a "default install" (default install ...
    (comp.security.firewalls)
  • Is FreeBSD ready for desktop (Mozilla Flash)
    ... monitor,, somehow the install fails to detect ... "Macromedia Flash plugin is not available for FreeBSD. ... I quote again "Install the www/linuxpluginwrapper port. ... servers, ...
    (comp.unix.bsd.freebsd.misc)
  • New software uploaded by Denise on Oct 23 07:10:00 -4 2006
    ... and starting compiling the 'bar' port. ... and now where should you install your terminators? ... filter option may run a filter on the wrong type of file and cause ... FreeBSD does not currently support IBM's microchannel bus. ...
    (Linux-Kernel)
  • Re: KMDF Fakemodem not working
    ... I'm using the `Windows Vista and Windows Server Longhorn x86 Checked Build ... install the fakemodem with devcon: ... INf in the sample should tell you how to use devcon to install the driver. ... Why do I need to choose a COM port? ...
    (microsoft.public.development.device.drivers)