Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
The Bright Side of Blaster
Kevin Poulsen, SecurityFocus 2003-08-14

The Blaster worm has infected hundreds of thousands of Windows machines, shut down the Maryland state DMV, put network administrators on overtime, crashed countless consumer's home computers, and on Saturday it will attempt a denial-of-service attack on Microsoft's Windows Update site. But that doesn't make it all bad.

Comments Mode:
The Bright Side of Blaster 2003-08-15
Anonymous (2 replies)
The Bright Side of Blaster 2003-08-15
Anonymous
The Bright Side of Blaster 2003-08-16
Anonymous
The Bright Side of Blaster 2003-08-15
mark (at) challender (dot) com [email concealed] (3 replies)
ISP firewalling 2003-08-15
altrroquando (at) hotmail (dot) com [email concealed] (1 replies)
ISP firewalling 2003-08-18
Anonymous (1 replies)
ISP firewalling 2003-08-18
Anonymous
Comcast inherited many systems when it purchased ATT Broadband, which in turn, inherited many systems when it purchased MediaOne. MediaOne blocked ports 137-139 for most of its lifetime, and I believe it's successors have done the same. I'd bet they block port 135 as well. The original rationale for this policy was to protect open fileshares on Windows computers from snooping.

For those who don't like this policy, you can asked to be removed from the block list, as I have done. I firewall my Comcast connection (with Linux), so I didn't need ISP filtering as well.

You might therefore be interested in the fact that the firewalls I manage that are connected to commercial providers were hit many more times by the worm than was my Comcast connection. For instance, I logged about 1100 port 135 packets on a firewall connected to XO line, compared to about 100 packets on my Comcast cable modem connection.

I agree with the earlier poster that packets with forged private addresses, smurf packets, and the like, should never leave an ISP's router.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6728/21542#21542
The Bright Side of Blaster 2003-08-15
Anonymous
The Bright Side of Blaster 2003-08-15
Anonymous (1 replies)
The Bright Side of Blaster 2003-08-18
Anonymous
The Bright Side of Blaster 2003-08-15
Anonymous
The Bright Side of Blaster 2003-08-15
Anonymous
The Bright Side of Blaster 2003-08-15
Anonymous
hackers HATE worms 2003-08-15
a worm author (1 replies)
hackers HATE worms 2003-08-16
Anonymous (2 replies)
conspiracy 2003-08-17
Anonymouse
hackers HATE worms 2003-08-17
bleek (1 replies)
hackers HATE worms 2003-08-18
a worm author (2 replies)
hackers HATE worms 2003-08-20
Anonymous
MS has rights to hack your machine... in some cases(?!) 2003-08-21
Anonymous
The Bright Side of Blaster 2003-08-15
rleroy (at) avantages (dot) com [email concealed]
The Bright Side of Blaster 2003-08-15
hackers? (1 replies)
The Bright Side of Blaster 2003-08-16
Applied Slave
The Bright Side of Blaster 2003-08-15
Anonymous
The Bright Side of Blaster 2003-08-16
praveen
The Bright Side of Blaster 2003-08-17
X-HUMANATION - http://www.sinred.com (1 replies)
The Bright Side of Blaster 2003-08-19
Anonymous
The Bright Side of Blaster 2003-08-18
not-so-leet-dan (1 replies)
The Bright Side of Blaster 2003-08-18
Vince C.
The Bright Side of Blaster 2003-08-18
Anonymous
The Bright Side of Blaster 2003-08-18
Anonymous
The Bright Side of Blaster 2003-08-20
Val







 

Privacy Statement
Copyright 2008, SecurityFocus