Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Connectivity problems with the US Army
From: David Gillett <gillettdavid () FHDA EDU>
Date: Fri, 19 Jan 2007 09:46:40 -0800

  No machines on our network were successfully infected by this
virus/worm.  After a few days of monitoring it, we closed port
2967 to all but a select subnet, and went on with life.  The volume
that reached here was never enough to consider blocking source ranges.

David Gillett


-----Original Message-----
From: Brock, Anthony - NET [mailto:Anthony.Brock () OREGONSTATE EDU]
Sent: Friday, January 19, 2007 9:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Connectivity problems with the US Army

-----Original Message-----
Maybe they meant 29 IPs were probing.  We saw around 35 of your IPs
either scanning port 2967 or actively attempting to exploit the
Symantec vulnerability against systems here.

Very possible. However, this still seems a bit extreme for
implementing a "permanent block" of this scale. Also, there
should be some method for notifying the affected site and
correcting the issue.

Tony


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]