[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"

Fergie fergdawg at netzero.net
Fri Apr 13 20:28:21 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Stasiniewicz,Adam" <stasinia at msoe.edu> wrote:

>Let me clarify some points.  First, this is no Slammer.  MSDE was commonly
>infected by Slammer, since most people don't know they are running MSDE so
>they did not patch it (and you found MSDE on both servers and clients). 
>This allowed Slammer to spread between networks.  I have yet to meet
>someone running a DNS server on their laptop (unless they are doing some
>sort of VMware, test lab, etc setup).  But either way, spreading via
>infected client computer is a very small risk (as compared to other
>nasties a computer can get when not behind the corporate content filter). 
> 
>

Not for nuthin', but many similar MS exploits can also spread if
a client has a network drive mapped to another host (via network
shares). I've seen this done many, many times.

Resolving to a server, and mapping drives, however, are very
different things, and I digress. :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.0 (Build 214)

wj8DBQFGH+fbq1pz9mNUZTMRAk5DAKDoN4+nVRTb+ac4g0B5BdAoJH8KngCg7JKB
3gap1qBU544VL5F0+7hiduU=
=A1nc
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the dns-operations mailing list