On the network side, the day of the notice, we issued a constant scan of PC's on our Snort box. We were scanning machines attempting to make constant connections on port 69, 135, and 4444. We found none. Fortunately, our windows admins came in early, updated our trend server with the virus definitions, and pushed the update to our PC's. I'm very fortunate that we have a proficient IS staff.
I've found a good site, www.f-secure.com. They're very good @ keeping up-to-date with the most recent outbreaks. Just my 2 cents. -Nate ----- Original Message ----- From: "Priscilla Oppenheimer" To: Sent: Saturday, August 16, 2003 10:22 AM Subject: OT Microsoft worm [7:74045] > Just wondering, is this new LOVSAN msblast worm as big as it seems to be? > I've been helping lots of Windows users clean up their machines. They all > had the worm. These are mostly home users. I can't believe they would use > broadband, "always-on" access and not have a firewall, but they didn't! > > What are you all seeing? Is this a big one? I suppose enterprise networks > are much better protected (hopefully) than the home networks I've been > helping out with. > > One has to wonder if the huge power outage could be related. I can imagine a > Windows computer somewhere in Ohio that played a surprisingly important role > in keeping the grid working and had been infected..... But I read a lot of > science fiction. :-) > > By the way, the stupid worm is attacking the wrong Microsoft URL! So that > aspect of it isn't going to be as bad as once thought. > > Comments? > > Priscilla > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74063&t=74045 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
