On Tue, 19 Aug 2003 [EMAIL PROTECTED] wrote:
: > Obviously they didn't filter 135, 137-139, 445, and 4444 inbound
:
: Not obvious. I know of several sites that were infected even though they
: had filters in place, due to infected laptops being brought on-site.
:: The new EDS managed Navy Marine Corps Intranet with 100,000 users has
:: become so congested by worm traffic it can not be used for useful work
:: today.
I figured that a network with 100K+ users that could "become so congested
by worm traffic it can not be used for useful work" would've been been
compromised by more than some infected laptops and whatnot being brought
onsite. I have that method of infection and I was still able to keep
things under control. (Now if I could get all the end-users to not click
on the .pif, .scr, etc. attachments...) Maybe I was just lucky. Most
likely, though, they did not create "security zones" to keep problems
contained within certain network segments and not let them out to destroy
other networks.
scott