nanog mailing list archives
RE: FW: Worms versus Bots
From: "Smith, Donald" <Donald.Smith () qwest com>
Date: Tue, 4 May 2004 10:20:52 -0600
Sean, thanks. I just reread the XP SP2 details and you're right, SP2 starts the firewall SOONER during boot (like before it starts most network services :-)

http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnwxp/html/securityinxpsp2.asp

Boot time security.

In earlier versions of Windows there is a window of time between when the network stack started and when ICF provided protection. Consequently, a packet could have been received and delivered to a service without ICF filtering it, potentially exposing the computer to vulnerabilities. In SP2, the firewall driver has a static rule called a boot-time policy to perform stateful filtering. This will allow the computer to perform basic networking tasks such as DNS and DHCP and communicate with a Domain Controller to obtain policy. Once the firewall service is running, it will load and apply the run-time ICF policy and remove the boot-time filters. This change should increase system security without affecting applications.

Donald.Smith () qwest com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2
-----Original Message-----
From: Sean Donelan [mailto:sean () donelan com]
Sent: Tuesday, May 04, 2004 8:55 AM
To: Smith, Donald
Cc: nanog () merit edu
Subject: RE: FW: Worms versus Bots

On Tue, 4 May 2004, Smith, Donald wrote:
> If you follow these steps outlined by SANS you should be able to
> successfully update and NOT get infected. This is short, easy, fully
> documented (with pictures :)
> http://www.sans.org/rr/papers/index.php?id=1298

The risk is smaller, but still exists if you follow these directions for XP pre-SP2. See the Microsoft release notes for XP SP2 for details about the fix.

If you do not have XP SP2, you need to disconnect your computer from the network prior to every boot cycle until it is fully patched.
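
Added example (not part of the original messages, and not Microsoft's code): a simplified model of the boot sequence in the quoted SP2 notes, comparing which packets reach a service on a pre-SP2 boot and on an SP2 boot. The timings, addresses, ports and verdict strings are constructed, and the model assumes the firewall is enabled in both cases.

```python
# Simplified model of the boot-time window described in the quoted SP2 notes.
# Timings, addresses and ports are constructed; this is not Microsoft's code.
from collections import namedtuple

Packet = namedtuple("Packet", "t direction peer local_port")

STACK_UP = 4.0        # network stack starts (seconds after power-on, assumed)
FW_SERVICE_UP = 30.0  # firewall service starts, loads run-time policy (assumed)

def classify(packets, sp2, runtime_allow=()):
    """Return one verdict per packet for a pre-SP2 (sp2=False) or SP2 boot."""
    flows = set()      # (peer, local_port) of connections the host opened itself
    verdicts = []
    for p in sorted(packets, key=lambda p: p.t):
        service_running = p.t >= FW_SERVICE_UP
        if p.t < STACK_UP:
            v = "not received: stack down"
        elif not sp2 and not service_running:
            v = "delivered unfiltered"          # the pre-SP2 exposure window
        elif p.direction == "out":
            flows.add((p.peer, p.local_port))   # stateful: remember the flow
            v = "allowed out"
        elif (p.peer, p.local_port) in flows:
            v = "allowed: reply to local flow"
        elif not service_running:
            v = "dropped: boot-time policy"     # SP2 static rule in the driver
        elif p.local_port in runtime_allow:
            v = "allowed: run-time rule"
        else:
            v = "dropped: run-time policy"
        verdicts.append(v)
    return verdicts

SAMPLE = [  # constructed traffic during one boot
    Packet(5.0, "out", "192.0.2.1:67", 68),        # DHCP request
    Packet(5.2, "in", "192.0.2.1:67", 68),         # DHCP reply
    Packet(6.0, "in", "198.51.100.7:4021", 135),   # unsolicited, service port
    Packet(45.0, "in", "198.51.100.7:4022", 135),  # same, after service start
]

if __name__ == "__main__":
    for sp2 in (False, True):
        print("SP2" if sp2 else "pre-SP2")
        for p, v in zip(SAMPLE, classify(SAMPLE, sp2)):
            print(f"  t={p.t:>4}s {p.direction:>3} port {p.local_port:<4} {v}")
```
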