Full Disclosure mailing list archives
RE: Worm?
From: "SNOsoft" <simon () snosoft com>
Date: Mon, 16 Jan 2006 00:07:08 -0500
David,

I'm tempted to flame you because of the email that you sent, but instead, I'll be nice. My first word of advice to you is do not send emails like this to public mailing lists. They advertise either your lack of technical competence or lack of time to react to an incident.

Questions:

1-) Why didn't your IPS Vendor (assuming that it's a Managed Security Services Provider) provide you with any payload information (Packet Capture)? At the very least they should have told you what port this thing was sending data to/from and what systems it was impacting. If they didn't provide you with that, find a better MSSP.

2-) Why haven't you sniffed your network and collected any of this traffic for analysis on your own? If you have then why didn't you provide this to the list to analyze?

3-) Last one... How did you not notice "large volumes of traffic" that are abnormal? Don't you have any type of network traffic monitors in place? You are after all the Corporate IT Security guy.... Hell... Doesn't this very email violate your security policy?

Just my two cents...

-simon
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of TheGesus
Sent: Sunday, January 15, 2006 10:38 PM
To: Byrne, David
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Worm?

Our IPS vendor is reporting a number of customers affected by large volumes of traffic generated by a worm. Anyone have details?

Thanks,
David Byrne

Same as it ever was... same as it ever was...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/