RE: Please run windows update now

2017-05-12 Thread Keith Medcalf 

Not to mention of course that the version of Windows 10 that actually has all 
Microsoft's wonder-dunder-touted-all-and-fro security features is the one that 
most mere  mortals cannot buy.

I wunder.

When there are these wunderful fluffings of the security of Windows 10, should 
one be suing Microsoft for not explicitly stating in the opening sentence that 
the features touted do not apply to any version of Windows that can be 
purchased at whim (ie, retail) and only applies to the "Enterprise" version 
which is *only* available with a minimum purchase quantity and the selling of 
the first (and second) born to Microsoft, and at that only after entering into 
a really nasty contract with Microsoft?

Or should one be suing all the "security fools and newsfrothers" that 
promulgate the story without specifying that the emperors "new secure clothing" 
is only available to "Enterprise" customers with special contracts to Microsoft 
and failing to warn that Microsoft has deliberately left everyone else "naked 
and unprotected"?

Or should one simply sue them all and let God (or a judge) sort it out?

--
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -Original Message-
> From: Joe [mailto:jbfixu...@gmail.com]
> Sent: Friday, 12 May, 2017 23:08
> To: Keith Medcalf
> Cc: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> One word. Linux.
>
> After this we'll probably see (yet more) additional processes running on
> windows boxes safe guarding against issues like this, forcing windoze
> users to upgrade memory/processor/disk space. I, for one, am not looking
> at Windoze 10 S as it locks too many applications needed for work to the
> Windoze store.
>
>
> Getting kind of ridiculous if you ask me.
>
>
> -Joe
>
>
> On Fri, May 12, 2017 at 11:56 PM, Keith Medcalf 
> wrote:
>
>
>
>   Well, this one was patched (or more accurately, undone).  Perhaps.
> Maybe.
>
>   How many other "paid defects" do you estimate there are in Microsoft
> Windows waiting to be exploited when discovered (or disclosed) by someone
> other than the "Security Agency" buying the defect?
>
>   Almost certainly more than just this one ... and almost certainly
> there is more than a single "payor agency" independently purchasing the
> deliberate introduction of code defects.
>
>   --
>   ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>
>
>   > -Original Message-
>   > From: Nathan Brookfield [mailto:nathan.brookfi...@simtronic.com.au
>  ]
>   > Sent: Friday, 12 May, 2017 22:48
>   > To: Keith Medcalf
>   > Cc: nanog@nanog.org
>   > Subject: Re: Please run windows update now
>   >
>   > Well it was patched by Microsoft of March 14th, just clearly
> people
>   > running large amounts of probably Windows XP have been owned.
>   >
>   > Largely in Russia.
>   >
>   > Nathan Brookfield
>   > Chief Executive Officer
>   >
>   > Simtronic Technologies Pty Ltd
>   > http://www.simtronic.com.au
>   >
>   > On 13 May 2017, at 14:47, Keith Medcalf 
> wrote:
>   >
>   >
>   > The SMBv1 issue was disclosed a year or two ago and never patched.
>   > Anyone who was paying attention would already have disabled SMBv1.
>   >
>   > Thus is the danger and utter stupidity of "overloading" the
> function of
>   > service listeners with unassociated road-apples.  Wait until the
> bad guys
>   > figure out that you can access the same "services" via a
> connection to the
>   > DNS port (UDP and TCP 53) on windows machines ...
>   >
>   > --
>   > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>   >
>   >
>   > > -Original Message-
>   > > From: NANOG [mailto:nanog-bounces+kmedcalf  bounces%2Bkmedcalf> =dessus@nanog.org] On
>   > Behalf
>   > > Of Karl Auer
>   > > Sent: Friday, 12 May, 2017 18:58
>   > > To: nanog@nanog.org
>   > > Subject: Re: Please run windows update now
>   > >
>   > >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
>   > >> - In parallel, consider investigating low-hanging fruit by OU
>   > >> (workstations?) to disable SMBv1 entirely.
>   > >
>   > > Kaspersky reckons the exploit applies to SMBv2 as well:
>   > >
>   > > https://securelist.com/blog/incidents/78351/wannacry-ransomware-
> used-in  used-in>
>   > > -widespread-attacks-all-over-the-world/
>   > >
>   > > I thought it was a typo in para 2 and the table, but they
> emailed back
>   > > saying nope, SMBv2 is (was) also broken. However, they also say
> (same
>   > > page) that the MS patch released in March this year fixes it.
>   > >
>   > > Assuming they are right, I wonder why Microsoft didn't mention
> SMBv2?
>   > >
>   > > Regards, K.
>   > >
>

Re: Please run windows update now

2017-05-12 Thread Joe 
One word. Linux.
After this we'll probably see (yet more) additional processes running on
windows boxes safe guarding against issues like this, forcing windoze users
to upgrade memory/processor/disk space. I, for one, am not looking at
Windoze 10 S as it locks too many applications needed for work to the
Windoze store.

Getting kind of ridiculous if you ask me.

-Joe

On Fri, May 12, 2017 at 11:56 PM, Keith Medcalf  wrote:

>
> Well, this one was patched (or more accurately, undone).  Perhaps.  Maybe.
>
> How many other "paid defects" do you estimate there are in Microsoft
> Windows waiting to be exploited when discovered (or disclosed) by someone
> other than the "Security Agency" buying the defect?
>
> Almost certainly more than just this one ... and almost certainly there is
> more than a single "payor agency" independently purchasing the deliberate
> introduction of code defects.
>
> --
> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>
>
> > -Original Message-
> > From: Nathan Brookfield [mailto:nathan.brookfi...@simtronic.com.au]
> > Sent: Friday, 12 May, 2017 22:48
> > To: Keith Medcalf
> > Cc: nanog@nanog.org
> > Subject: Re: Please run windows update now
> >
> > Well it was patched by Microsoft of March 14th, just clearly people
> > running large amounts of probably Windows XP have been owned.
> >
> > Largely in Russia.
> >
> > Nathan Brookfield
> > Chief Executive Officer
> >
> > Simtronic Technologies Pty Ltd
> > http://www.simtronic.com.au
> >
> > On 13 May 2017, at 14:47, Keith Medcalf  wrote:
> >
> >
> > The SMBv1 issue was disclosed a year or two ago and never patched.
> > Anyone who was paying attention would already have disabled SMBv1.
> >
> > Thus is the danger and utter stupidity of "overloading" the function of
> > service listeners with unassociated road-apples.  Wait until the bad guys
> > figure out that you can access the same "services" via a connection to
> the
> > DNS port (UDP and TCP 53) on windows machines ...
> >
> > --
> > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> >
> >
> > > -Original Message-
> > > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On
> > Behalf
> > > Of Karl Auer
> > > Sent: Friday, 12 May, 2017 18:58
> > > To: nanog@nanog.org
> > > Subject: Re: Please run windows update now
> > >
> > >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > >> - In parallel, consider investigating low-hanging fruit by OU
> > >> (workstations?) to disable SMBv1 entirely.
> > >
> > > Kaspersky reckons the exploit applies to SMBv2 as well:
> > >
> > > https://securelist.com/blog/incidents/78351/wannacry-
> ransomware-used-in
> > > -widespread-attacks-all-over-the-world/
> > >
> > > I thought it was a typo in para 2 and the table, but they emailed back
> > > saying nope, SMBv2 is (was) also broken. However, they also say (same
> > > page) that the MS patch released in March this year fixes it.
> > >
> > > Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> > >
> > > Regards, K.
> > >
> > > --
> > > 
> ~~~
> > > Karl Auer (ka...@biplane.com.au)
> > > http://www.biplane.com.au/kauer
> > > http://twitter.com/kauer389
> > >
> > > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> > > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > >
> >
> >
> >
>
>
>
>
>

RE: Please run windows update now

2017-05-12 Thread Keith Medcalf 

Well, this one was patched (or more accurately, undone).  Perhaps.  Maybe. 

How many other "paid defects" do you estimate there are in Microsoft Windows 
waiting to be exploited when discovered (or disclosed) by someone other than 
the "Security Agency" buying the defect?

Almost certainly more than just this one ... and almost certainly there is more 
than a single "payor agency" independently purchasing the deliberate 
introduction of code defects.

--
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -Original Message-
> From: Nathan Brookfield [mailto:nathan.brookfi...@simtronic.com.au]
> Sent: Friday, 12 May, 2017 22:48
> To: Keith Medcalf
> Cc: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> Well it was patched by Microsoft of March 14th, just clearly people
> running large amounts of probably Windows XP have been owned.
>
> Largely in Russia.
>
> Nathan Brookfield
> Chief Executive Officer
>
> Simtronic Technologies Pty Ltd
> http://www.simtronic.com.au
>
> On 13 May 2017, at 14:47, Keith Medcalf  wrote:
>
>
> The SMBv1 issue was disclosed a year or two ago and never patched.
> Anyone who was paying attention would already have disabled SMBv1.
>
> Thus is the danger and utter stupidity of "overloading" the function of
> service listeners with unassociated road-apples.  Wait until the bad guys
> figure out that you can access the same "services" via a connection to the
> DNS port (UDP and TCP 53) on windows machines ...
>
> --
> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>
>
> > -Original Message-
> > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On
> Behalf
> > Of Karl Auer
> > Sent: Friday, 12 May, 2017 18:58
> > To: nanog@nanog.org
> > Subject: Re: Please run windows update now
> >
> >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> >> - In parallel, consider investigating low-hanging fruit by OU
> >> (workstations?) to disable SMBv1 entirely.
> >
> > Kaspersky reckons the exploit applies to SMBv2 as well:
> >
> > https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in
> > -widespread-attacks-all-over-the-world/
> >
> > I thought it was a typo in para 2 and the table, but they emailed back
> > saying nope, SMBv2 is (was) also broken. However, they also say (same
> > page) that the MS patch released in March this year fixes it.
> >
> > Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> >
> > Regards, K.
> >
> > --
> > ~~~
> > Karl Auer (ka...@biplane.com.au)
> > http://www.biplane.com.au/kauer
> > http://twitter.com/kauer389
> >
> > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> >
>
>
>

Re: Please run windows update now

2017-05-12 Thread Nathan Brookfield 
Well it was patched by Microsoft of March 14th, just clearly people running 
large amounts of probably Windows XP have been owned.

Largely in Russia.

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

On 13 May 2017, at 14:47, Keith Medcalf  wrote:


The SMBv1 issue was disclosed a year or two ago and never patched.
Anyone who was paying attention would already have disabled SMBv1.

Thus is the danger and utter stupidity of "overloading" the function of service 
listeners with unassociated road-apples.  Wait until the bad guys figure out 
that you can access the same "services" via a connection to the DNS port (UDP 
and TCP 53) on windows machines ...

-- 
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -Original Message-
> From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On Behalf
> Of Karl Auer
> Sent: Friday, 12 May, 2017 18:58
> To: nanog@nanog.org
> Subject: Re: Please run windows update now
> 
>> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
>> - In parallel, consider investigating low-hanging fruit by OU
>> (workstations?) to disable SMBv1 entirely.
> 
> Kaspersky reckons the exploit applies to SMBv2 as well:
> 
> https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in
> -widespread-attacks-all-over-the-world/
> 
> I thought it was a typo in para 2 and the table, but they emailed back
> saying nope, SMBv2 is (was) also broken. However, they also say (same
> page) that the MS patch released in March this year fixes it.
> 
> Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> 
> Regards, K.
> 
> --
> ~~~
> Karl Auer (ka...@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
> 
> GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>

RE: Please run windows update now

2017-05-12 Thread Keith Medcalf 

The SMBv1 issue was disclosed a year or two ago and never patched.
Anyone who was paying attention would already have disabled SMBv1.

Thus is the danger and utter stupidity of "overloading" the function of service 
listeners with unassociated road-apples.  Wait until the bad guys figure out 
that you can access the same "services" via a connection to the DNS port (UDP 
and TCP 53) on windows machines ...

--
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -Original Message-
> From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On Behalf
> Of Karl Auer
> Sent: Friday, 12 May, 2017 18:58
> To: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > - In parallel, consider investigating low-hanging fruit by OU
> > (workstations?) to disable SMBv1 entirely.
>
> Kaspersky reckons the exploit applies to SMBv2 as well:
>
> https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in
> -widespread-attacks-all-over-the-world/
>
> I thought it was a typo in para 2 and the table, but they emailed back
> saying nope, SMBv2 is (was) also broken. However, they also say (same
> page) that the MS patch released in March this year fixes it.
>
> Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
>
> Regards, K.
>
> --
> ~~~
> Karl Auer (ka...@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
>
> GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>

Re: Please run windows update now

2017-05-12 Thread Karl Auer 
On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> - In parallel, consider investigating low-hanging fruit by OU
> (workstations?) to disable SMBv1 entirely.

Kaspersky reckons the exploit applies to SMBv2 as well:

https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in
-widespread-attacks-all-over-the-world/

I thought it was a typo in para 2 and the table, but they emailed back
saying nope, SMBv2 is (was) also broken. However, they also say (same
page) that the MS patch released in March this year fixes it.

Assuming they are right, I wonder why Microsoft didn't mention SMBv2?

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B

Re: Please run windows update now

2017-05-12 Thread Josh Luthman 
MS17-010
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Fri, May 12, 2017 at 2:35 PM, JoeSox  wrote:

> Thanks for the headsup but I would expect to see some references to the
> patches that need to be installed to block the vulnerability (Sorry for
> sounding like a jerk).
> We all know to update systems ASAP.
>
> --
> Later, Joe
>
> On Fri, May 12, 2017 at 10:35 AM, Ca By  wrote:
>
> > This looks like a major worm that is going global
> >
> > Please run windows update as soon as possible and spread the word
> >
> > It may be worth also closing down ports 445 / 139 / 3389
> >
> > http://www.npr.org/sections/thetwo-way/2017/05/12/
> > 528119808/large-cyber-attack-hits-englands-nhs-hospital-
> > system-ransoms-demanded
> >
>

Re: Please run windows update now

2017-05-12 Thread JoeSox 
Thanks for the headsup but I would expect to see some references to the
patches that need to be installed to block the vulnerability (Sorry for
sounding like a jerk).
We all know to update systems ASAP.

--
Later, Joe

On Fri, May 12, 2017 at 10:35 AM, Ca By  wrote:

> This looks like a major worm that is going global
>
> Please run windows update as soon as possible and spread the word
>
> It may be worth also closing down ports 445 / 139 / 3389
>
> http://www.npr.org/sections/thetwo-way/2017/05/12/
> 528119808/large-cyber-attack-hits-englands-nhs-hospital-
> system-ransoms-demanded
>

Re: Please run windows update now

2017-05-12 Thread Royce Williams 
My $0.02, for people doing internal/private triage:

- If your use of IPv4 space is sparse by routes, dump your internal routing
table and convert to summarized CIDR.

- Feed your CIDRs to masscan [1] to scan for internal port 445 (masscan
randomizes targets, so destination office WAN links won't saturate, but
local/intermediate might if you're not careful, so tune):

sudo masscan -p445 --rate=[packets-per-second safe for your network]
-iL routes.list -oG masscan-445.out

- Use https://github.com/RiskSense-Ops/MS17-010/tree/master/scanners (the
python2 one, or the Metasploit one if you can use that internally) to
detect vuln. the python one is not* a parallelized script, so consider
breaking it into multiple parallel runners if you have a lot of scale.

- If you're using SCCM/other, verify that MS17-010 was applied - but be
mindful of Windows-based appliances not centrally patched, etc. Trust but
verify.

- In parallel, consider investigating low-hanging fruit by OU
(workstations?) to disable SMBv1 entirely.

Royce

1. https://github.com/robertdavidgraham/masscan

On Fri, May 12, 2017 at 10:02 AM, Alexander Maassen 
wrote:

> Hail backups, and whoever keeps those ports accessible to the outside
> without a decent ACL in the firewall, or restricting it to (IPsec) VPN's
> should be shot on sight anyways.
>
> On Fri, May 12, 2017 7:35 pm, Ca By wrote:
> > This looks like a major worm that is going global
> >
> > Please run windows update as soon as possible and spread the word
> >
> > It may be worth also closing down ports 445 / 139 / 3389
> >
> > http://www.npr.org/sections/thetwo-way/2017/05/12/
> 528119808/large-cyber-attack-hits-englands-nhs-hospital-
> system-ransoms-demanded
> >
>
>
>

Weekly Routing Table Report

2017-05-12 Thread Routing Analysis Role Account 
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
MENOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 13 May, 2017

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  647949
Prefixes after maximum aggregation (per Origin AS):  252345
Deaggregation factor:  2.57
Unique aggregates announced (without unneeded subnets):  312474
Total ASes present in the Internet Routing Table: 57146
Prefixes per ASN: 11.34
Origin-only ASes present in the Internet Routing Table:   49440
Origin ASes announcing only one prefix:   21895
Transit ASes present in the Internet Routing Table:7706
Transit-only ASes present in the Internet Routing Table:225
Average AS path length visible in the Internet Routing Table:   4.3
Max AS path length visible:  40
Max AS path prepend of ASN ( 55644)  36
Prefixes from unregistered ASNs in the Routing Table:70
Numnber of instances of unregistered ASNs:   74
Number of 32-bit ASNs allocated by the RIRs:  18557
Number of 32-bit ASNs visible in the Routing Table:   14400
Prefixes from 32-bit ASNs in the Routing Table:   58461
Number of bogon 32-bit ASNs visible in the Routing Table:44
Special use prefixes present in the Routing Table:0
Prefixes being announced from unallocated address space:410
Number of addresses announced to Internet:   2844831332
Equivalent to 169 /8s, 144 /16s and 174 /24s
Percentage of available address space announced:   76.8
Percentage of allocated address space announced:   76.8
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   98.6
Total number of prefixes smaller than registry allocations:  216616

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   177386
Total APNIC prefixes after maximum aggregation:   51032
APNIC Deaggregation factor:3.48
Prefixes being announced from the APNIC address blocks:  176560
Unique aggregates announced from the APNIC address blocks:73228
APNIC Region origin ASes present in the Internet Routing Table:8091
APNIC Prefixes per ASN:   21.82
APNIC Region origin ASes announcing only one prefix:   2256
APNIC Region transit ASes present in the Internet Routing Table:   1144
Average APNIC Region AS path length visible:4.4
Max APNIC Region AS path length visible: 40
Number of APNIC region 32-bit ASNs visible in the Routing Table:   2917
Number of APNIC addresses announced to Internet:  763012964
Equivalent to 45 /8s, 122 /16s and 167 /24s
APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 63488-64098, 64297-64395, 131072-137529
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:197389
Total ARIN prefixes after maximum aggregation:94167
ARIN Deaggregation factor: 2.10
Prefixes being announced from the ARIN address blocks:   199487
Unique aggregates announced from the ARIN address blocks: 91432
ARIN Region origin ASes present in the Internet Routing Table:17904
ARIN Prefixes per ASN:11.14
ARIN Region

Re: Please run windows update now

2017-05-12 Thread Alexander Maassen 
Hail backups, and whoever keeps those ports accessible to the outside
without a decent ACL in the firewall, or restricting it to (IPsec) VPN's
should be shot on sight anyways.

On Fri, May 12, 2017 7:35 pm, Ca By wrote:
> This looks like a major worm that is going global
>
> Please run windows update as soon as possible and spread the word
>
> It may be worth also closing down ports 445 / 139 / 3389
>
> http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded
>

Please run windows update now

2017-05-12 Thread Ca By 
This looks like a major worm that is going global

Please run windows update as soon as possible and spread the word

It may be worth also closing down ports 445 / 139 / 3389

http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded