North American Network Operators Group

Re: management interface accessability (was Re: Worm / UDP1434)
On Sun, 26 Jan 2003, Chris Lloyd wrote:

>
> On Sun, Jan 26, 2003 at 12:08:07PM -0600, Rob Thomas wrote:
> > Just a point here: Many road warriors are work-at-home folks who have
> > their computers on 24x7. They may be infected, and will fire up their
> > VPN tunnels Monday morning. This may introduce the worm into the chewy
> > center of many corporate networks. Hopefully folks have put the proper
> > filters in place on their VPN access points.
>
> Personally, I think it's unlikely the situation will get worse on Monday
> because of people starting work. The first reason is that you can only get
> infected if you're running SQL server (or MSDE) at home and someone sends you
> one of the special packets. The second reason is that you, if you're infected,
> send the packets to random IP addresses, and not only do you have to randomly
> choose an address on the corporate LAN, but it has to be a machine running
> SQL server. To my mind the probability of all these things being the case
> is microscopic!

My observation was that the target IPs are not random and that local IPs
were hit more often (same /16 more than /8 more than all /0) .. a la Codered.

STeve
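An added example, not part of the original thread: one way to test the two claims above (uniformly random targets versus a preference for the local /16 and /8) against your own UDP/1434 flow records. The flow tuple format, function names and thresholds are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed (src, dst) flow records for UDP/1434; not real capture data.
SAMPLE_FLOWS = [
    ("10.1.2.3", "10.1.9.9"), ("10.1.2.3", "10.1.200.1"), ("10.1.2.3", "10.1.44.17"),
    ("10.1.2.3", "10.77.0.5"), ("10.1.2.3", "10.200.3.3"),
    ("10.1.2.3", "203.0.113.9"), ("10.1.2.3", "198.51.100.20"), ("10.1.2.3", "192.0.2.55"),
    ("172.16.5.5", "203.0.113.1"), ("172.16.5.5", "198.51.100.2"), ("172.16.5.5", "192.0.2.3"),
    ("172.16.5.5", "10.4.4.4"), ("172.16.5.5", "10.8.8.8"), ("172.16.5.5", "192.0.2.77"),
]

# Share of destinations expected in each class if targets were uniform over IPv4.
UNIFORM = {"/16": 2**-16, "/8": 2**-8 - 2**-16, "/0": 1 - 2**-8}

def shared_prefix_class(src, dst):
    """Longest of /16, /8, /0 that source and destination have in common."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    if s >> 16 == d >> 16:
        return "/16"
    if s >> 24 == d >> 24:
        return "/8"
    return "/0"

def class_counts(flows):
    """Per source address, count destinations falling in each prefix class."""
    counts = defaultdict(Counter)
    for src, dst in flows:
        counts[src][shared_prefix_class(src, dst)] += 1
    return counts

def locality_profile(flows):
    """Per source, the observed fraction of destinations in each prefix class."""
    return {src: {cls: c[cls] / sum(c.values()) for cls in UNIFORM}
            for src, c in class_counts(flows).items()}

def biased_sources(flows, min_hits=2, factor=10.0):
    """Sources whose local share exceeds `factor` times the uniform expectation.

    min_hits guards against flagging a source on a single chance local hit.
    """
    flagged = []
    for src, c in class_counts(flows).items():
        total = sum(c.values())
        if any(c[cls] >= min_hits and c[cls] / total > factor * UNIFORM[cls]
               for cls in ("/16", "/8")):
            flagged.append(src)
    return sorted(flagged)

if __name__ == "__main__":
    for src, profile in locality_profile(SAMPLE_FLOWS).items():
        print(src, profile)
    print("locally biased:", biased_sources(SAMPLE_FLOWS))
```

A scanner choosing targets uniformly should land in its own /8 in roughly 1 of 256 probes, so a meaningful result needs thousands of flows per source rather than the handful shown here.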