Home page logo
/

nanog logo nanog mailing list archives

Re: Port blocking last resort in fight against virus
From: Jack Bates <jbates () brightok net>
Date: Tue, 12 Aug 2003 17:53:23 -0500


Christopher L. Morrow wrote:

So, if in YOUR network you want to do this blocking, go right ahead, but I
wouldn't expect anyone else to follow suit unless they already determined
there was a good reason for themselves to follow suit. As an aside, a day
or so of 5 minutely reboots teaches even the slowest user to find a
firewall product and upgrade/update their systems, eh?

Yeah. I hate to admit it, but there is a lot gained from this worm. The of the worm will secure a lot of systems from other exploits of the same vulnerability which can be used for much worse. From what I've seen, a lot of networks have sent user's to custom webpages to assist in patching and removal of the worm. I wonder if microsoft minds the redistribution of patches in this senario. ;)

My outbound ratio of worm to total packets has decreased to 7%. Helpdesk call volume has increased drastically, but we expect things to be close to normal by end week.

As a side note, I think one of my peers issued a 135 block in their core (haven't checked). The inbound scan numbers should be much higher than they are.

-Jack


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]