[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"
Fergie
fergdawg at netzero.net
Fri Apr 13 20:28:21 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -- "Stasiniewicz,Adam" <stasinia at msoe.edu> wrote:
>Let me clarify some points. First, this is no Slammer. MSDE was commonly
>infected by Slammer, since most people don't know they are running MSDE so
>they did not patch it (and you found MSDE on both servers and clients).
>This allowed Slammer to spread between networks. I have yet to meet
>someone running a DNS server on their laptop (unless they are doing some
>sort of VMware, test lab, etc setup). But either way, spreading via
>infected client computer is a very small risk (as compared to other
>nasties a computer can get when not behind the corporate content filter).
>
>
Not for nuthin', but many similar MS exploits can also spread if
a client has a network drive mapped to another host (via network
shares). I've seen this done many, many times.
Resolving to a server, and mapping drives, however, are very
different things, and I digress. :-)
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.0 (Build 214)
wj8DBQFGH+fbq1pz9mNUZTMRAk5DAKDoN4+nVRTb+ac4g0B5BdAoJH8KngCg7JKB
3gap1qBU544VL5F0+7hiduU=
=A1nc
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the dns-operations
mailing list