Mon, Apr 16 2007 23:42
So why take mitigation action anyway?
So why patch if SBSers have a limited number of ports open anyway?
Well for one, I'm not smart enough to know if they can build this thing to poke at 1723 and 3389 (Keep in mind I don't keep 3389 open anyway). Right now it looks like they are hitting 1025 once they get inside, but they've also coded up a virus payload to get in via my workstations/stupid users.
When it's a real quick registry add, a stop and restart of the DNS server that does not force me to reboot the box, and it protects, that's why.
Also it's not just a 'from remote' attack, they are building viruses to drop in behind my battle lines.
And my antivirus vendor, Trend, isn't on the list of a/v vendors finding that one.
Tinfoil and paranoia. :-)