Re: Large ISP response to Code Red?

From: Kris Carlier (rootat_private)
Date: Tue Jul 31 2001 - 09:53:54 PDT

Next message: Desmond Irvine: "Incident Response"

Previous message: Gary Maltzen: "Re: Port 119 Scans"
In reply to: Mike Johnson: "Re: Large ISP response to Code Red?"
Next in thread: Jonathan A. Zdziarski: "RE: Large ISP response to Code Red?"
Next in thread: Rob McCauley: "Re: Large ISP response to Code Red?"
Next in thread: kath: "Re: Large ISP response to Code Red?"
Reply: Jonathan A. Zdziarski: "RE: Large ISP response to Code Red?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> To me, this is the answer.  Server based systems usually have
> plenty of bandwidth.  A different set of patches could be
> offered for the desktop class systems (Win9x, Me, 2k Prof.)
> that might be more bandwidth friendly and only applies to

small detail, IIRC, one of the windowsupdate servers fell victim to the CR
attack itself. So, here's a rethorical question: would you like your
system to be automatically updated ? What if the machine you trust is
infected ? Helluvaway to efficiently distribute a worm, no ?

kr=


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Desmond Irvine: "Incident Response"
Previous message: Gary Maltzen: "Re: Port 119 Scans"
In reply to: Mike Johnson: "Re: Large ISP response to Code Red?"
Next in thread: Jonathan A. Zdziarski: "RE: Large ISP response to Code Red?"
Next in thread: Rob McCauley: "Re: Large ISP response to Code Red?"
Next in thread: kath: "Re: Large ISP response to Code Red?"
Reply: Jonathan A. Zdziarski: "RE: Large ISP response to Code Red?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 09:47:11 PDT