I think you're leaving out a very viable possibility in your summary...
What if BoA took a proactive approach and shut down their SQL environment
(even though none of us knows conclusively if they're a SQL or Oracle shop)
to verify that it was in fact clean and not compromised. When you're
Alex, although technically correct, it's not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
Secure inside network. Has anyone heard of any confirmed cases of this
yet?
On Mon, 27 Jan 2003, Scott Granados wrote:
Alex, although technically correct, it's not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
Secure inside network. Has
On Mon, 27 Jan 2003 14:50:22 EST, [EMAIL PROTECTED] said:
This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy prevents
other traffic from entering VPN connection.
Given that the head of one of our
On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote:
Alex, although technically correct, it's not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
Secure
On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote:
Alex, although technically correct, it's not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy prevents
other traffic from entering VPN connection.
Given that the head of one of our three-letter-agencies managed to get
this sort of thing wrong,
knowing absolutely nothing about how BoA ATM's work
It could be that BoA's network wasn't flooded / servers infected, but that
the ATM's do not dial BoA directly, and dial somewhere else (ie, maybe some
kind of ATM Dial Provider, nationwide wholesale, etc), and then tunnel back
to BoA to
On Mon, 27 Jan 2003 15:33:34 EST, [EMAIL PROTECTED] said:
This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy prevents
other traffic from entering VPN connection.
Given that the head of one of our
Now that the noise level (SQLSlammer) is down:
It looks like ATT put the finger back into the dike on this for now:
You don't really want your customer service call center to get flooded by
two issues at once:
http://www.internet-magazine.com/news/view.asp?id=3110
On 1/24/2003 at 7:16 PM, [EMAIL
alex This is a very bad band-aid. The solution is amazingly simple -
Just to be clear, the solution to WHAT is amazingly simple?
alex make it uneconomical to have unprotected networks,
For whom to have unprotected networks? What constitutes a protected
network? How does one make it
On Mon, Jan 27, 2003 at 08:10:15PM +, Simon Lockhart wrote:
As I suspected, but I keep being told that these problems were in old style
VPN clients, and stuff is much better these days. I remain unconvinced.
A good VPN client (I'm familiar with Nortel) will enforce no *simultaneous*
Given that the head of one of our three-letter-agencies managed to get
this sort of thing wrong, what makes you think that Joe Middle-Manager
who's more concerned about fixing a spreadsheet will get it correct?
Because it is not that difficult. A security policy of a little office
Dear nanog,
I apologize in advance for my off-topic posting. I doubt I am alone,
though, in saying that Alex Yuriev needs to slow his roll.
Alex, stop sending a follow-up to everything you read. If you really
have something to say, please just write a pointed email with a sensible
subject and
On Mon Jan 27, 2003 at 04:00:51PM -0500, [EMAIL PROTECTED] wrote:
It is very easy.
Deny everything.
Allow outbound port 80
Allow mail server to 25
Allow ident
If you need netmeeting, allow netmeeting server to other servers.
If you need AIM, allow AIM from workstations to oscar.aol.com
I apologize in advance for my off-topic posting. I doubt I am alone,
though, in saying that Alex Yuriev needs to slow his roll.
'D' key is your friend.
Alex, stop sending a follow-up to everything you read. If you really
have something to say, please just write a pointed email with a
From: [EMAIL PROTECTED]
unprotected are). For example, have a machine that had been broken into and
used to attack a company which lost $5M because of that attack, make whoever
owns the machine was broken into pay $5M + attorney fees + punitive
damages. Suddenly, the unprotected (for
On Mon Jan 27, 2003 at 04:16:00PM -0500, [EMAIL PROTECTED] wrote:
Again, but why does it talk to the outside world unsupervised? Your
organization clearly has a border that separates its internal systems from
external ones. Why not apply those restrictions on *those* borders?
From inside the
On Mon, 27 Jan 2003 15:53:07 EST, [EMAIL PROTECTED] said:
The amazingly simple solution is to make it uneconomical for anyone to
maintain unprotected network (for whatever two sets uneconomical and
unprotected are). For example, have a machine that had been broken into and
used to attack a
On Mon, 27 Jan 2003 16:00:51 EST, [EMAIL PROTECTED] said:
It is very easy.
Deny everything.
Allow outbound port 80
Bzzt! You just let in an ActiveX exploit. Or Javascript. Or
Allow mail server to 25
Bzzt! You just let in a new Outlook exploit.
If you need AIM, allow AIM from
Simon Lockhart [EMAIL PROTECTED] wrote:
On Mon Jan 27, 2003 at 04:16:00PM -0500, [EMAIL PROTECTED] wrote:
Again, but why does it talk to the outside world unsupervised? Your
organization clearly has a border that separates its internal systems from
external ones. Why not apply those
On Sun, Jan 26, 2003 at 12:17:20AM -0500, Tim Griffin mooed:
hc wrote:
I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as
well.
here's a plot showing the impact on BGP routing tables from seven ISPs
(plotted using route-views data):
JB Date: Mon, 27 Jan 2003 15:19:25 -0600
JB From: Jack Bates
JB So, if I'm reading this right, user of Vendor L doesn't like
JB Vendor M. Instead of attacking Vendor M's software, the user
JB just needs to make sure Vendor M's corporate servers get
JB infected and cause enough damage to run
Deny everything.
Allow outbound port 80
Bzzt! You just let in an ActiveX exploit. Or Javascript. Or
And I have successfully blocked everything other than ActiveX or JavaScript
or whatever else.
Allow mail server to 25
Bzzt! You just let in a new Outlook exploit.
It is talking
here's a plot showing the impact on BGP routing tables from seven ISPs
(plotted using route-views data):
http://www.research.att.com/~griffin/bgp_monitor/sql_worm.html
And as an interesting counterpoint to this, this graph shows
the number of BGP routing updates received at MIT
On Mon, Jan 27, 2003 at 06:15:33PM -0800, Randy Bush mooed:
Wow, for a minute I thought I was looking at one of our old
plots, except for the fact that the x-axis says January 2003
and not September 2001 :) :)
seeing that the etiology and effects of the two events were quite
On Sat, 25 Jan 2003, Bill Woodcock wrote:
On Sat, 25 Jan 2003, Mikael Abrahamsson wrote:
Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint
Looks like we may have a winner for DDoS of the year (so far)
What kind of traffic levels are you
- Forwarded message from [EMAIL PROTECTED] -
Date: Tue, 28 Jan 2003 00:43:09 -0500 (EST)
Worm Hits Microsoft, Which Ignored Own Advice
January 28, 2003
By JOHN SCHWARTZ
...
A spokesman for Microsoft, Rick Miller, confirmed that a
number of the company's machines had gone unpatched,