Ugh. > When I see people post erroneous information, I post a correction, > as I would hope others will do when I make errors.
Yes, John posted a correction to your erroneous position that Nimda does not have an infection vector that would be stopped by egress filtering at the Internet firewall. In fact, it does have at least two such vectors: (1) unrestricted client-to-Internet HTTP, rather than proxied HTTP only; as F-Secure puts it, "it is the first worm to use normal end user machines to scan for vulnerable web sites"; and (2) unrestricted server-to-Internet TFTP, which allows it to force an initially compromised server to download the worm DLL. He's looking for a "You're right, that does apply" on Nimda, that's all. *His* issue, then, is one of etiquette: simply his expectation of a casual retraction. Yet this would not apply if *you* don't grant that his position was backed up to your satisfaction! Seems that you two have not actually agreed on what your argument is--so there it is. Do with it what you will, I guess off-list. -Sandy To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
