[rescue] Fair Warning RPC Worm
nimitz at nimitzbrood.com
Tue Aug 12 12:45:42 CDT 2003
On Tuesday, August 12, 2003, at 12:42 PM, Kevin wrote:
> That's not entirely true. Your outside laptop users (assuming you
> have them as most companies have at least a few) can be a threat.
> Your firewall could be right n' tight, but if some luser connects to
> an ISP with his laptop from home and then becomes infected, then
> connects up to your internal network the next day, you're screwed. I
> patched up all our laptops that actually leave the place yesterday so
> i'm OK, but this scenario got Carnival Cruise lines just last night.
> I'm in favor of putting all my laptop users in the own DMZ, might just
> do that....
I can see this. I was, however, talking about locally connected units
not portables - my bad for not specifying.
As for mobile users. A little education, Zone Alarm, and training to
call you "If you don't know what program is safe to let access the
Internet." and you can prevent some of this. Now you'll have more
Helldesk work but almost any laptop user is more of that anyway.
> Does anyone know if this worm would affect machines that are being
> used by users lacking administrative privileges? Not having your
> users in the local admin group helps with some viri but i'm not so
> sure about this one.
No clue but I'm sure CERT will have something if they don't already.
> BTW: Gibson's tools may work but he's a fuck monkey of the highest
> order. According to him, the internet as we know it should not exist
> since the release of XP. Null connects and raw sockets are going to
> destroy the world!!!
I have the highest respect for Gibson. He's done a lot. And for my
money there's nothing wrong with standing to a hard-line position on
network security. Is he more paranoid than others - certainly. But so
if Theo De Ratt and how many out there use OpenBSD _because_ of that?
Quite a few - myself included. If people like Theo and Gibson weren't
pushing for security stuff things would probably be a lot worse.
As for XP - I don't buy rentalware.
Medieval Combat anyone? http://www.kingsofchaos.com/page.php?id=694655
More information about the rescue