From: by way of Micronet mailing list administrator (jonah_at_eecs.berkeley.edu)
Date: Tue Aug 05 2003 - 15:08:29 PDT
As a temporary measure, in response to a problem like this it strikes me
as appropriate. If nothing else I believe it will raise awareness that
there is a problem and help hasten eventual solutions.
Jeff Anderson-Lee
Systems Manager, Digital Library Project
Craig Lant wrote:
> OK, so no one seems to have the guts to back me up on this and I
> haven't heard from anyone who doesn't want a block. ;) Let me pose a
> few quick questions before I authorize a block.
>
> First, how many machines have actually been compromised? So far, I've
> only heard of less than 30 or so confirmed compromises and I can
> assure you the kiddies are trying. We're seeing lots of scanning
> going on.
>
> Second, how many vulnerable machines are still out there? Everyone
> I've spoken to has got the message and has been working feverishly
> (thank you) to get their systems patched so they wouldn't be left out
> naked over the weekend.
>
> If we do a block, Microsoft is suggesting that ALL of 135, 137, 139,
> and 445 be blocked. That will definitely cripple hundreds, if not
> thousands, of users who probably don't subscribe to these lists. This
> will shut off all windows file sharing from home, access to exchange
> servers from home, remote desktop access from home, etc. This would
> at least be in place over the weekend. So, if this is a problem for
> anyone reading this, speak up now.
>
> Thanks,
> Craig
>
> -------------------------------------
> Sent via the ucb-security mailing list.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Tue Aug 05 2003 - 15:16:42 PDT