From: Russ (Russ.CooperRC.ON.CA)
Date: Wed Aug 08 2001 - 10:56:02 CDT

    A lot of organizations have been focusing on preventing Code Red from
    coming through their Internet gateways, while forgetting other
    methods of infection.

    Windows 2000 Professional on laptops usually has hibernation enabled.
    If Personal Web Server (which is IIS) is installed, and the laptop
    gets connected to the Internet from home or another company's office,
    it can easily become infected. Since it's memory resident, if
    hibernation is used during travel back to the office, as soon as the
    machine is brought up it can start emitting attacks on your internal
    network.

    This is true for all variants known to date.

    So don't believe your internal network is secure just because you
    block port 80 at your router/firewall. More than a few internal
    networks have been infected with Code Red, likely for this reason. If
    Code Red has access to a LAN to propagate, it doesn't take long for
    it to saturate it.

    Also remember your VPN connections, both your own employees and any
    you might have with partners. They often work both ways, more often
    than not with only a little filtering (if at all). Home workers might
    very well have several computers behind their NAT'd gateway; all may
    also be able to pump traffic out the VPN (depending on how it's
    configured). Scanning your own internal address space may not be
    sufficient to identify all of the possibly infectable machines.

    Is little Johnny's computer (W2K Pro?) at the CEO's home continually
    re-infecting your internal network over daddy's VPN?

    Time to take stock of all of the possibilities...it might even help
    you get some of your policies effected!

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

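
One way to check for the situation the message above describes, as an added example that is not part of the original post: scan an internal IIS server's W3C extended log for Code Red style `/default.ida` requests whose source is an internal address. The RFC 1918 ranges, the 100-character filler threshold, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: RFC 1918 space counts as "internal"; add VPN client pools here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Code Red requests /default.ida with a query that opens with a long run of
# one filler character ("N" in the first variants, "X" in Code Red II).
# The 100-character minimum is an assumed threshold, not a published value.
FILLER = re.compile(r"(N{100,}|X{100,})")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)          # raises ValueError if malformed
    return any(addr in net for net in INTERNAL_NETS)

def internal_code_red_sources(log_lines):
    """Count Code Red style requests per internal client IP (W3C log format)."""
    fields, hits = [], Counter()
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column layout may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if (row.get("cs-uri-stem", "").lower() != "/default.ida"
                or not FILLER.match(row.get("cs-uri-query", ""))):
            continue
        try:
            if is_internal(row.get("c-ip", "")):
                hits[row["c-ip"]] += 1
        except ValueError:
            continue                         # unparsable address field
    return hits

# Constructed sample log: addresses, times and the shortened query are made up.
_N, _X = "N" * 224, "X" * 224
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    f"2001-08-08 09:14:02 10.20.4.17 GET /default.ida {_N} 200",
    f"2001-08-08 09:14:09 10.20.4.17 GET /default.ida {_N} 200",
    f"2001-08-08 09:15:40 192.168.7.30 GET /default.ida {_X} 200",
    f"2001-08-08 09:16:11 203.0.113.9 GET /default.ida {_N} 200",
    "2001-08-08 09:17:00 10.20.4.22 GET /index.html - 200",
]
```

Calling `internal_code_red_sources(SAMPLE_LOG)` returns a per-address count of hits from inside the perimeter, which is the list of laptops, VPN clients and home machines to track down.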