Firewall Wizards mailing list archives
Re: worm + VPN + firewall
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 17 Aug 2003 12:13:27 -0400 (EDT)
On Sat, 16 Aug 2003, Carric Dooley wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have worked with a client that started getting RPC scans from their VPN range the day the worm was released. Luckily they had patched most of their systems. I agree that the VPN segment should be DMZ'd, but typically those users have acess to NetBIOS so they can map shares, etc. If you didn't patch, you are hosed on this one. Lots of people didn't learn from Nimda.
Even many that tried to patch got slammed here, as the tools to determine patch level and/or the success of application are not foolproofed. But, the biggest thing is coming out from all the recent worms of the past 2 years or so that have struck the windows platforms is how messed up the whole patch process is in that realm! Slammer showed that a patched system could be made vulnerable again but simply installing new software, or that even other patches might put the system back into high risk. I'm just glad it's not my headache! Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- worm + VPN + firewall Mordechai T. Abzug (Aug 15)
- Re: worm + VPN + firewall R. DuFresne (Aug 15)
- Re: worm + VPN + firewall Carric Dooley (Aug 17)
- Re: worm + VPN + firewall R. DuFresne (Aug 18)
- Re: worm + VPN + firewall Paul Robertson (Aug 18)
- Re: worm + VPN + firewall Bennett Todd (Aug 18)
- Re: worm + VPN + firewall Carric Dooley (Aug 17)
- Re: worm + VPN + firewall R. DuFresne (Aug 15)
- RE: worm + VPN + firewall lordchariot (Aug 15)
- <Possible follow-ups>
- RE: worm + VPN + firewall Ames, Neil (Aug 15)
- RE: worm + VPN + firewall Steve Evans (Aug 15)