Re: Unicode worm?

From: Jonathan Rickman (jonathanat_private)
Date: Thu Aug 22 2002 - 18:50:53 PDT

  • Next message: Cushing, David: "RE: looking for what? portscan 15000/tcp"

    On Wed, 21 Aug 2002, Kurt Seifried wrote:
    > Make sure your servers are patched before they go online and if you're like
    > me find someone nice to have dinner with and forget about it. There are much
    > better things to do in life then worrying about the latest (or not so
    > latest) windows worm.
    I agree. It looks like someone has just whipped up a script to scan for
    the vulnerability, possibly loosely based on the Nimda code. Not much to
    be concerned with if you're patched. Not much you can really do about it
    anyway. Lately, I've been just dropping all traffic from Korea and
    surrounding areas. No offense to anyone, but it seems that anything
    registered with APNIC should be under close scrutiny. Korean networks in
    particular appear to be the armpit of the net. I have no need to
    allow communication with them, so I just save myself the trouble and
    filter it out.
    - -- 
    Jonathan Rickman
    X Corps Security
    Version: PGP 6.5.8
    -----END PGP SIGNATURE-----
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 10:16:43 PDT