Educause Security Discussion mailing list archives
FW: W32/Blaster on Abilene
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Tue, 12 Aug 2003 13:42:07 -0500
The list of sourcing site that Doug mentions below will include Abilene-connected campuses as well as those other campuses that are generating a lot of worm traffic to Abilene-connected campuses. -- Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Associate Director, Center for Applied Cybersecurity Research -- cacr.iu.edu Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: renisac Sent: Tuesday, August 12, 2003 12:27 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: W32/Blaster on Abilene As you're all probably painfully aware by now, a worm exploit of the Microsoft DCOM RPC vulnerability, W32/Blaster, was unleased on Monday August 11. Details regarding the vulnerability and exploit can be found at the references provided below. Worm traffic on Abilene is very high, peaking at 7%+ of all packets on the network. We're performing an analysis of Abilene netflow data, and early this afternoon will provide a private communication to sites that are sourcing a large amount of worm traffic. Recommendations for network border filtering are included the CERT W32/Blaster advisory, http://www.cert.org/advisories/CA-2003-20.html. Filters should be defined as input and output - to protect yourselves and to protect from infecting others. References: Microsoft DCOM RPC: http://www.cert.org/advisories/CA-2003-16.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0352 W32/Blaster: http://www.cert.org/advisories/CA-2003-20.html Regards, Doug Pearson Director, REN-ISAC Indiana University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- FW: W32/Blaster on Abilene Bruhn, Mark S. (Aug 12)
- <Possible follow-ups>
- Re: FW: W32/Blaster on Abilene SECURITY SECURITY (Aug 15)
- W32/Blaster on Abilene Doug Pearson (Aug 17)