[rescue] Fair Warning RPC Worm

Mike Hebel nimitz at nimitzbrood.com
Tue Aug 12 12:45:42 CDT 2003

On Tuesday, August 12, 2003, at 12:42 PM, Kevin wrote:

> That's not entirely true.  Your outside laptop users (assuming you 
> have them as most companies have at least a few) can be a threat.  
> Your firewall could be right n' tight, but if some luser connects to 
> an ISP with his laptop from home and then becomes infected, then 
> connects up to your internal network the next day, you're screwed.  I 
> patched up all our laptops that actually leave the place yesterday so 
> i'm OK, but this scenario got Carnival Cruise lines just last night.  
> I'm in favor of putting all my laptop users in the own DMZ, might just 
> do that....

I can see this.  I was, however, talking about locally connected units 
not portables - my bad for not specifying.

As for mobile users.  A little education, Zone Alarm, and training to 
call you  "If you don't know what program is safe to let access the 
Internet." and you can prevent some of this.  Now you'll have more 
Helldesk work but almost any laptop user is more of that anyway.

> Does anyone know if this worm would affect machines that are being 
> used by users lacking administrative privileges?  Not having your 
> users in the local admin group helps with some viri but i'm not so 
> sure about this one.

No clue but I'm sure CERT will have something if they don't already.

> BTW: Gibson's tools may work but he's a fuck monkey of the highest 
> order.  According to him, the internet as we know it should not exist 
> since the release of XP.  Null connects and raw sockets are going to 
> destroy the world!!!

I have the highest respect for Gibson.  He's done a lot.  And for my 
money there's nothing wrong with standing to a hard-line position on 
network security.  Is he more paranoid than others - certainly.  But so 
if Theo De Ratt and how many out there use OpenBSD _because_ of that?  
Quite a few - myself included.  If people like Theo and Gibson weren't 
pushing for security stuff things would probably be a lot worse.

As for XP - I don't buy rentalware.

Mike Hebel

Medieval Combat anyone? http://www.kingsofchaos.com/page.php?id=694655

More information about the rescue mailing list