Firewall won't stop it, port 135 blocked or not.

Post #116,708 by Andrew Grygus 9/5/03 2:56:52 AM Reply	Firewall won't stop it, port 135 blocked or not. Many companies have been hit hard from behind the firewall as executives and sales guys brought in their notebooks and plugged them into the company network. Telling executives and sales guys not to do that is an exercise in futility - they know it's not a problem - it's your fault and you should get it fixed. [link\|http://www.aaxnet.com\|AAx]
Post #116,709 by pwhysall 9/5/03 2:58:08 AM Reply	I know that. The question was a nice way of saying, "Which idiot plugged into your LAN without asking?" Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #116,724 by Silverlock 9/5/03 8:50:33 AM Reply	Most likely it was a VPN user I also have my suspicions about some of the systems with Virtual PC. The virtual systems don't get used too often and may not have been patched with all the others. ----------------------------------------- It is much harder to be a liberal than a conservative. Why? Because it is easier to give someone the finger than it is to give them a helping hand. Mike Royko
Post #116,710 by Steve Lowe 9/5/03 3:08:12 AM Reply	VPN, RAS also a prob. Our guys shut down 135 in time, but apparently forgot about the VPN and the RAS box. Oops. ----- Steve
Post #116,712 by pwhysall 9/5/03 3:12:38 AM Reply	That's potentially a no-win situation. ...if your RAS box is NT4; the patch initially broke RAS on NT4. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #116,714 by Steve Lowe 9/5/03 3:34:17 AM Reply	It may be I don't know, though. I stay outta the server room. I get to work on the UNIX box so it doesn't bother me much :D I just snicker at all the stories I hear over the cubicle walls. ----- Steve
Post #116,711 by pwhysall 9/5/03 3:10:26 AM 9/5/03 3:11:41 AM Reply	About Executives Well, in our company, we have a strict policy of "no plugging in until IT has been and visited your laptop and given you the thumbs-up", and we've had this policy approved from the highest level downward. Which is just as well; we take a copy of our latest AV software and virus definitions, install it (if it's an "alien" computer) and then scan it. We've seen Nimda, Code Red, The Klez, BugBear and so on; we've seen laptops with three different versions of antivirus software installed at the same time, all out of date and non-functional; the list goes on. [edit: Not laptops that are part of our herd, I hasten to add; these were visitors] What enabled us to take this idea to management was the fact that we got hit by Nimda. It clobbered an intranet web server before the virus definitions were out. We were offline for 1.5 days. Management doesn't understand "Viruses are bad" but it does understand "150 man-days lost". Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog] Edited by pwhysall Sept. 5, 2003, 03:11:41 AM EDT Expand All History

Welcome to IWETHEY!