Date: Mon, 27 Oct 2003 06:20:55 -0700 From: Brett Glass <brett@lariat.org> To: Ross Wheeler <rossw@albury.net.au>, Jason Stone <freebsd-security@dfmm.org> Cc: security@freebsd.org Subject: Re: Best way to filter "Nachi pings"? Message-ID: <6.0.0.22.2.20031027061831.04c88c18@localhost> In-Reply-To: <Pine.BSF.4.31.0310272218340.66532-100000@giroc.albury.net. au> References: <20031027030027.B8440@walter> <Pine.BSF.4.31.0310272218340.66532-100000@giroc.albury.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
At 04:23 AM 10/27/2003, Ross Wheeler wrote: >The "best" option is to actively monitor for this worm (its NOT difficult, >a few lines of awk and tcpdump does fine here), *DETECT* the worm on your >customers machine, mail them, mail your support team and BOOT THEM. That's assuming it's your customer. We're being flooded from OUTSIDE. There seem to be approximately one zillion hacked Windows machines out there, and zero inside our networks (because we're blocking the appropriate ports). We've had only one infection behind that particular router, and it came when someone brought in a laptop that had been connected elsewhere. --Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031027061831.04c88c18>