Re: Would a firewall prevent Sasser worm?

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 05/06/04 

Date: Thu, 06 May 2004 07:15:17 -0400

On Thu, 06 May 2004 09:27:38 +0800, Bernd Felsche spoketh

>Lars M. Hansen <badnews@hansenonline.net> writes:
>
>>On Wed, 05 May 2004 14:11:14 +0100, Nigel Wade spoketh
>
>>>There is no sun-rpc package in RH8 or RH9· Are you sure you've really
>>>installed them?
>
>>>If you actually meant the portmap package then that is only
>>>required by fam. Since fam is monitoring local filesystems there
>>>is no need to open port 111 to anything other than the loopback
>>>interface. No vulnerability whatsoever.
>
>>>You should not equate Linux with Windows. Just because RPC on
>>>Windows is a security hole does not mean that RPC in Linux is
>>>also.
>
>>Cut from my /etc/services file on my RH8 box:
>
>>sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
>>sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
>
>/etc/services is only for documentation and reference.
>
>No way are the 8000+ other services dosumented *running* on most
>Linux boxes.

I was arguing the name, not whether all services was running.

We seem to be getting way of track. The question was if a firewall would
prevent a Windows computer from being infected with the Sasser worm, and
the answer is yes.

As I have stated elsewhere, Windows does come with some services running
by default that probably shouldn't be, including the Server service...

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Relevant Pages

  • Re: Would a firewall prevent Sasser worm?
    ... >Linux boxes. ... I was arguing the name, not whether all services was running. ... The question was if a firewall would ... prevent a Windows computer from being infected with the Sasser worm, ...
    (comp.security.firewalls)
  • Re: Would a firewall prevent Sasser worm?
    ... >Linux boxes. ... I was arguing the name, not whether all services was running. ... The question was if a firewall would ... prevent a Windows computer from being infected with the Sasser worm, ...
    (comp.security.misc)
  • Re: Hardware vs Software Firewall - Pros and Cons?
    ... It's a standard PC running fairly standard ... >> OS with a software firewall on it. ... If it was a Windows computer, ... If someone tried to use our firewall (windows with Symantec Enterprise ...
    (comp.security.firewalls)
  • Re: Attack Launched within Minutes of Signing on for First Time ...
    ... I'll be looking for AVG for virus checker and some freebie firewall. ... I can't believe you actually connected a Windows computer to the Internet before you installed a firewall. ... This is very basic security and perhaps you shouldn't be "helping" other people with their computers. ...
    (microsoft.public.security.virus)
  • Re: Attack Launched within Minutes of Signing on for First Time ...
    ... Just stick with what I presented in the message in the way of questions--virus protection and firewall. ... I'll be looking for AVG for virus checker and some freebie firewall. ... I can't believe you actually connected a Windows computer to the Internet before you installed a firewall. ... This is very basic security and perhaps you shouldn't be "helping" other people with their computers. ...
    (microsoft.public.security.virus)
Quantcast