Re: Would a firewall prevent Sasser worm?
Date: 05/05/04

Date: Wed, 5 May 2004 06:08:15 +0000 (UTC)

In Lars M. Hansen <> wrote:
> On Tue, 4 May 2004 18:07:15 +0000 (UTC),
> spoketh

>>In Bill Unruh <> wrote:
>>> Lars M. Hansen <> writes:
>>> ]On Tue, 04 May 2004 08:33:32 GMT, Piotr Makley spoketh
>>> ]>If I had a firewall would that prevent the Sasser worm infecting my
>>> ]>PC?
>>> ]>
>>> ]>I mean, if another infected system cannot see my ports because they
>>> ]>are stealthed then presumably Sasser could not infect me?
>>> ]Yes, any firewall that blocks incoming port 445 will prevent infection
>>> ]by the Sasser worm.
>>> Why is port 445 open on his system in the first place?
>>Becouse microsoft has it enabled and vulnerable by default.

> "Vulnerable by default"? What the F*** does that mean? Does that mean

It means the ordinary thing "Its enabled by your vendor, who in their infinite
wizdom thinks that this port should be left open".

The opposit is examplified with FreeBSD that has zero externally reachable
ports outside the box after a "default install" ( default install
is defined as one where all suggestions is accepoted without changes)

> when the next vulnerability for linux are discovered, the Microsoft camp
> can claim that linux are "vulnerable by default"?

You should think before writing.

> Lars M. Hansen
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"

Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.