RE: [inbox] Re: Fw: Sasser author

["Exibar" <exibar () thelair com>]

I'ts not really that simple though.

 Ok, this guy has 50 or so machines on a (assumed) flat network.  He's
running Checkpoint-1 firewall and blocking all not-needed ports, etc etc.
He feels that because he has a firewall blocking the Sasser ports at the
only internet ingress/egress point that he's safe and doesn't care that 90%
of those 50 machines aren't patched because "he's safe, he has the ports
blocked at the firewall".

  WRONG!!!

  All it takes is his Vice President, whose not patched yet because the
admin didn't want to disturb him late on a Friday, to plug his machine into
his home internet connection and WHAM, now he's infected but doesn't know it
yet.  Sure his machine shuts down but he just figures he'll bring it into
the office on Monday and ask the admin what he did wrong.
  Comes Monday morning that VP plugs into the network and infects the entire
network in seconds...

  Where's your precious firewall only solution going to help now?  Oh yah,
it'll keep the worm from spreading OUTSIDE the company now.... tsk tsk
tsk.... should have patched when he had the chance....

  Exibar

> -----Original Message-----
> From: William Warren
> [mailto:hescominsoon () emmanuelcomputerconsulting com]
> Sent: Friday, May 14, 2004 5:39 PM
> Cc: full-disclosure () lists netsys com
> Subject: [inbox] Re: Fw: [Full-disclosure] Sasser author
>
>
> any firewall even the one inside xp would have stopped sasser and you
> would have been able to patch at your leisure.
>
> Paolo Mattiangeli wrote:
>
> > ----- Original Message -----
> > From: "Paolo Mattiangeli" <pamatt () centrodiascolto it>
> > To: <full-disclosure () lists netsys com>
> > Sent: Friday, May 14, 2004 5:41 PM
> > Subject: Re: [Full-disclosure] Sasser author
> >
> >
> >
> > > I am responsible for security in a small business' network (50-or-so
> > > machines, most of them running MS OSs). I have been aware of
> MSS bulletins
> > > as soon as they where out, and made sure to apply patches as specified.
> > > Sasser did nothing to my offices' network. But, on the other
> hand, I have
> > a
> >
> > > single PC at home, one I don't use very much, and I often forget to deal
> > > with security patches on that machine. Well - would you bet? - I got a
> > > Sasser infection at home, which caused me the discomfort of a late-night
> > > session of cleaning, disinfeting, patching and do on. I put the blame on
> >
> > me,
> >
> > > of course. But sure I could have spent that night doing
> something better,
> > > chat-cheating the wife, reading a book, going to the movies and
> so on. So
> > my
> >
> > > question is: what wrong did al this do to The Microsoft BEAST?
> It only did
> > > some wrong to me and my personal life. I could have avoided that, but
> >
> > can't
> >
> > > I feel safe at home? Should I be satisfied at thinking that
> this guy is a
> > > "social naive" whith no conscience of the consequences of his
> acts? Isn't
> > > this what the law is meant for, to protect citizens and
> business from the
> > > consequences of other people's acts?
> > >
> > > Just another 0.02 worth comment in this thread, that is going
> stale IMO...
> > > Paolo Mattiangeli
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> --
> My "Foundation" verse:
> Isa 54:17  No weapon that is formed against thee shall prosper; and
> every tongue that shall rise against thee in judgment thou shalt
> condemn. This is the heritage of the servants of the LORD, and their
> righteousness is of me, saith the LORD.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html