[rescue] Fair Warning RPC Worm

Kevin kevin at mpcf.com
Tue Aug 12 12:42:11 CDT 2003


That's not entirely true.  Your outside laptop users (assuming you have them as most companies have at least a few) can be a threat.  Your firewall could be right n' tight, but if some luser connects to an ISP with his laptop from home and then becomes infected, then connects up to your internal network the next day, you're screwed.  I patched up all our laptops that actually leave the place yesterday so i'm OK, but this scenario got Carnival Cruise lines just last night.  I'm in favor of putting all my laptop users in the own DMZ, might just do that....

Does anyone know if this worm would affect machines that are being used by users lacking administrative privileges?  Not having your users in the local admin group helps with some viri but i'm not so sure about this one.

BTW: Gibson's tools may work but he's a fuck monkey of the highest order.  According to him, the internet as we know it should not exist since the release of XP.  Null connects and raw sockets are going to destroy the world!!!

/KRM

On Tue, 12 Aug 2003 11:21:03 -0500
Mike Hebel <nimitz at nimitzbrood.com> wrote:
> 
> Funny thing is.  If you just do proper firewall security this worm 
> isn't an issue.  do you r best case and use the "Shields Up" port probe 
> stuff at www.grc.com (Gibson Research) and you'll know immediately if 
> there's a problem.



More information about the rescue mailing list