-----Original Message----- From: information_technology-admin@private on behalf of InfraGard Sent: Thu 9/11/2003 6:50 AM To: Information Technology Cc: Subject: [Information_technology] Daily News 9/11/03 September 11, IDG News Service — Study: ISPs should block 'Net attack ports. Internet service providers (ISPs) should block access to communications ports on their customers' computers which are commonly exploited by Internet worms and other malicious programs, according to a report by Johannes Ullrich of the SANS Institute Inc. Leaving the ports open offers little to customers, while needlessly exposing them to infection and making it more likely that ISPs will be overwhelmed by future virus outbreaks, the report said. Many ISPs already block some or all of the ports named, while others offer customers free personal firewall software to install on their home computers. However, home Internet users often lack the technical knowledge necessary to install and configure a firewall, Ullrich said. The report is available on the SANS Institute Website: http://www.sans.org/rr/special/isp_blocking.php Source: http://www.infoworld.com/article/03/09/08/HNispstudy_1.html September 10, U.S. Department of Homeland Security — Potential For Significant Impact On Internet Operations Due To Vulnerability In Microsoft Operating Systems' Remote Procedure Call Server Service (RPCSS). The National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS) / Information Analysis and Infrastructure Protection (IAIP) Directorate is issuing this advisory in consultation with the Microsoft. There are three vulnerabilities in the part of Remote Procedure Call (RPC) that deals with RPC messages for the Distributed Component Object Model (DCOM) activation--two that would allow arbitrary code execution, and one that would result in a denial of service. These particular vulnerabilities affect the DCOM interface within the RPCSS, which listens on RPC enabled ports. An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or cause the RPCSS to fail. The attacker could be able to take any action on the system. DHS is concerned that a properly written exploit could rapidly spread on the Internet as a worm or virus in a fashion similar to the Blaster Worm. DHS and Microsoft recommend that system administrators install the patch immediately. Additional information is available on the Microsoft Website: http://www.microsoft.com/security/security_bulletins/ms03-039.asp Source: http://www.dhs.gov/dhspublic/display?theme=70&content=1415 AlertCon: 2 out of 4 https://gtoc.iss.net Security Focus ThreatCon: 2 out of 4 http://analyzer.securityfocus.com/ Current Virus and Port Attacks Virus: #1 Virus in the United States: WORM_SOBIG.F Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 135 (epmap), 80 (www), 1434 (ms-sql-m), 137 (netbios-ns), 21 (ftp), 445 (microsoft-ds), 1433 (ms-sql-s), 139 (netbios-ssn), 4444 (CrackDown), 17300 (Kuang2TheVirus) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Thu Sep 11 2003 - 08:13:36 PDT