Firewall Wizards mailing list archives

Re: Code Red paths


From: "bacano" <bacano () esoterica pt>
Date: Wed, 8 Aug 2001 15:45:20 +0100

hi2all

From: "robert_david_graham" <robert_david_graham () yahoo com>


Likewise, looking at CodeRed attacks against my own computer, an amazing
number of them are coming through high ports > 20,000, indicating that
they are going through NATs (Microsoft doesn't allocate client dynamic ports
that high).
(...)

I didn't find a huge number of attacks coming through ports > 20k, but yes
there are some, for example using 38198 or 44151, and only since 2Aug.
I found this also in one of my PCs at home (win without any web server
running/installed).

This indicates the worm found ways through backdoors, then came out
the front doors.
(...)

Yeah, the worm found ways through some open windows and also knows that a
firewall after all is just the front door, and that there is always an open
window on the back  =)

Are other people seeing the same thing? It seems to me that CodeRedII has
demonstrated how weak the firewall front-ends really are.
(...)

The new thing here (if it is new) is that it is a worm doing this ... now,
will companies start to *really* care about security in all aspects, or
since "it's just a worm", the only thing needed is to patch the system and
upgrade the anti-virus?

[  ]'s bacano





_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

