Home page logo

nanog logo nanog mailing list archives

Re: Navy Marine Corps Internet hit
From: Scott Weeks <surfer () mauigateway com>
Date: Tue, 19 Aug 2003 14:28:00 -1000 (HST)

On Tue, 19 Aug 2003 vern () ee lbl gov wrote:

: > Obviously they didn't filter 135, 137-139, 445, and 4444 inbound
: Not obvious.  I know of several sites that were infected even though they
: had filters in place, due to infected laptops being brought on-site.

:: The new EDS managed Navy Marine Corps Intranet with 100,000 users has
:: become so congested by worm traffic it can not be used for useful work
:: today.

I figured that a network with 100K+ users that could "become so congested
by worm traffic it can not be used for useful work" would've been been
compromised by more than some infected laptops and whatnot being brought
onsite.  I have that method of infection and I was still able to keep
things under control.  (Now if I could get all the end-users to not click
on the .pif, .scr, etc. attachments...)  Maybe I was just lucky.  Most
likely, though, they did not create "security zones" to keep problems
contained within certain network segments and not let them out to destroy
other networks.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]