Re: RE: Re: New Virus -NIMBDA

From: Chris (chris-dicamillo@home.com)
Date: Wed Sep 19 2001 - 16:47:04 EDT


Yeah, but it doesn't matter if your Linux box is connected to a Cisco
switch that doesn't have its web interface patched.
We were down for about 4 hours yesterday because some of our fiber based
switches were in constant reboot. Our Intrusion detection box counted over
41,000 attempts in one hour!
Make sure you have Windows 2K patched SP2 + Q301625. Don't trust any of
the cleaner tools for these viruses, a complete rebuild and restore from
pre-attack backup is needed. Also, patch your browsers against the .eml
trick. Well, back to rebuilding the only NT server we have. Of course, I
missed one patch on it... grrrr

Chris

At 09:29 AM 9/19/2001 +0800, you wrote:
>It's times like these that I really love the fact that I run Linux. The
>only way this affects me is the probs from those windoze boxes trying
>to infect me. Haha keep trying.
>adam
>"in a world without fences, who needs GATES."
>
>Andy Levy wrote:
> >
> > We shut our links down too. But too late - it was one of our "reaction"
> > steps after learning we got slammed by it.
> >
> > This thing attempts to exploit SIXTEEN vulnerabilities in various software
> > that could be installed on an NT/2000 box, including stuff related to the
> > Code Red worms. As I speak, some of my co-workers are rebuilding 13
> > servers. I led a crew checking over 60 desktops in the span of about 2
> > hours. Fortunately, all those checked out clean.
> >
> > I don't think we know how we got hit just yet. We have so many people
> > getting into our network from remote (other companies we've acquired, field
> > agents, etc.) we may never really know.
> >
> > Ronald Wong wrote:
> >


