RE: [Full-disclosure] Worm?
- To: "'TheGesus'" <thegesus@xxxxxxxxx>, "'Byrne, David'" <David.Byrne@xxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Worm?
- From: "SNOsoft" <simon@xxxxxxxxxxx>
- Date: Mon, 16 Jan 2006 00:07:08 -0500
David,
I'm tempted to flame you because of the email that you sent, but
instead, I'll be nice. My first word of advice to you is do not send emails
like this to public mailing lists. They advertise either your lack of
technical competence or lack of time to react to an incident.
Questions:
1-) Why didn't your IPS Vendor (assuming that it's a Managed Security
Services Provider) provide you with any payload information (Packet
Capture)? At the very least they should have told you what port this thing
was sending data to/from and what systems it was impacting. If they didn't
provide you with that, find a better MSSP.
2-) Why haven't you sniffed your network and collected any of this traffic
for analysis on your own? If you have then why didn't you provide this to
the list to analyze?
3-) Last one... How did you not notice "large volumes of traffic" that are
abnormal? Don't you have any type of network traffic monitors in place?
You are after all the Corporate IT Security guy.... Hell... Doesn't this
very email violate your security policy?
Just my two cents...
-simon
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
> Of TheGesus
> Sent: Sunday, January 15, 2006 10:38 PM
> To: Byrne, David
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] Worm?
>
> > Our IPS vendor is reporting a number of customers affected by large
> > volumes of traffic generated by a worm. Anyone have details?
> >
> >
> > Thanks,
> >
> > David Byrne
> >
>
> Same as it ever was... same as it ever was...
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>