Priscilla Oppenheimer wrote: > Just wondering, is this new LOVSAN msblast worm as big as it seems to be? > I've been helping lots of Windows users clean up their machines. They all > had the worm. These are mostly home users. I can't believe they would use > broadband, "always-on" access and not have a firewall, but they didn't! > > What are you all seeing? Is this a big one? I suppose enterprise networks > are much better protected (hopefully) than the home networks I've been > helping out with. > > One has to wonder if the huge power outage could be related. I can imagine a > Windows computer somewhere in Ohio that played a surprisingly important role > in keeping the grid working and had been infected..... But I read a lot of > science fiction. :-) > > By the way, the stupid worm is attacking the wrong Microsoft URL! So that > aspect of it isn't going to be as bad as once thought. > > Comments? > > Priscilla > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > The NANOG list has had *much* discussion of this worm (before handling the effects of the power outage took priority -- imagine, AOL relies on local power for its modem banks [grin]).
There was a lot of 445 and 135 scanning on my firewall logs leading up to worm day, and the Internet Storm Center (http://isc.sans.org) showed a strong increase, as well, based on DShield data. A fair amount of my business is getting broadband users firewalled -- patching is the next step. The power outage does not appear related. There is a major transmission loop around Lake Erie (300,000MW IIRC). The last I saw, they believed a burst of power was sent counterflow-- if the usual flow is clockwise, this was sent counterclockwise. When and where the 2 flows met is the source of the failure, and then things cascaded from there. The final report will be interesting, though. There has been much discussion of late regarding infrastructure and network exposures. I have Black Ice pre-ordered from Amazon: http://www.amazon.com/exec/obidos/ASIN/0072227877/qid=1061058479/sr=2-1/ref=sr_2_1/002-7066961-6172840 Seems especially timely, now... Annlee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74047&t=74045 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
