[ale] New worm destablized Internet

Adrin haswes at mindspring.com
Sat Jan 25 16:46:58 EST 2003 

Just heard on the news that at least one bank is having trouble with ATMs.
Kind of makes you wonder what kind of security they have on their system.
And I thought the ATM network was separate from Internet?

Adrin


> -----Original Message-----
> From: ale-admin at ale.org [mailto:ale-admin at ale.org]On Behalf Of Jim
> Sent: Saturday, January 25, 2003 9:20 AM
> To: ale at ale.org
> Subject: Re: [ale] New worm destablized Internet
> 
> 
> Yep. The New York Times site seems to be hosed this morning. You can get the 
> home page, but if you click on any one article, you get an error stating that 
> the redirection limit has been exceeded. Looks like they're a victim.
> 
> On Saturday 25 January 2003 09:14 am, Transam wrote:
> > A new worm started destabilizing the Internet in the wee hours this
> > morning.  It spread via a vulnerability in MS SQL, according to reports,
> > and that the patch has been out for many months.  It is a 376-byte
> > packet that propagates over UDP port 1434 (Microsoft-SQL-Monitor).
> > Its effect appears to be diminishing somewhat due to many SysAdmins
> > starting to block this port on their firewall.
> >
> > We have seen attacks against most of our clients' firewalls.
> > Those clients with one of our firewalls are immune from this worm
> > either entering their networks and even a vulnerable system (such
> > as a compromised Laptop) from launching the worm to other systems on
> > the Internet.  This is because we always have blocked this and all other
> > ports not explicitly opened and because we also always have applied egress
> > filtering.  Some may suffer from the loss of bandwidth consumed by the
> > worm that has compromised other sites on the Internet not so protected.
> >
> > We see good access to all of our clients' protected networks.
> >
> > Best regards,
> >
> > Bob Toxen, CTO
> > Fly-By-Day Consulting, Inc.
> > "Your expert in Firewalls, Virus and Spam Filters, VPNs,
> > Network Monitoring, and Network Security consulting"
> > bob at verysecurelinux.com (e-mail)
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list