On Tue, 19 Aug 2003 vern@ee.lbl.gov wrote:

: > Obviously they didn't filter 135, 137-139, 445, and 4444 inbound
:
: Not obvious. I know of several sites that were infected even though they
: had filters in place, due to infected laptops being brought on-site.

:: The new EDS managed Navy Marine Corps Intranet with 100,000 users has
:: become so congested by worm traffic it can not be used for useful work
:: today.

I figured that a network with 100K+ users that could "become so congested
by worm traffic it can not be used for useful work" would've been
compromised by more than some infected laptops and whatnot being brought
onsite. I have that method of infection and I was still able to keep
things under control. (Now if I could get all the end-users to not click
on the .pif, .scr, etc. attachments...) Maybe I was just lucky.

Most likely, though, they did not create "security zones" to keep problems
contained within certain network segments and not let them out to destroy
other networks.

scott