Eric,

# We are seeing patched machines being rebooted by other worm
# infected hosts. Nick Fitzgerald on the intrusions@ list explained that it's
# other hosts attempting to infect the patched system and gets the offset
# wrong based on the 80/20 weighting. Is anyone else seeing this happen?

In testing I have done, running the wrong offset has no effect on fully patched 2k (SP4) or XP (SP1) nodes.

I have test nodes fully exposed to the Internet of both flavors, and Blaster has no impact on them.

BTW// I didn't even disable DCOM until last night; it made no difference on the fully patched nodes.

I suspect the missing variable in your situation is different software revisions, or people incorrectly reporting to you that all the nodes are fully patched...

Everyone I have worked with who has patched up has this under control; no issues.

Good luck,

Arian Evans
Sr. Security Engineer
FishNet Security
Phone: 816.421.6611
Toll Free: 888.732.9406
Fax: 816.421.6677
http://www.fishnetsecurity.com

note: Text email is not Office XP friendly. Turn off the "remove extra line breaks" located at |Tools|Options|Email Options if it formats incorrectly. Why break text-based email by default? Ask Microsoft.
This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 17:46:54 PDT