Christopher L. Morrow wrote:
So, if in YOUR network you want to do this blocking, go right ahead, but I wouldn't expect anyone else to follow suit unless they already determined there was a good reason for themselves to follow suit. As an aside, a day or so of 5 minutely reboots teaches even the slowest user to find a firewall product and upgrade/update their systems, eh?
Yeah. I hate to admit it, but there is a lot gained from this worm. The of the worm will secure a lot of systems from other exploits of the same vulnerability which can be used for much worse. From what I've seen, a lot of networks have sent user's to custom webpages to assist in patching and removal of the worm. I wonder if microsoft minds the redistribution of patches in this senario. ;) My outbound ratio of worm to total packets has decreased to 7%. Helpdesk call volume has increased drastically, but we expect things to be close to normal by end week. As a side note, I think one of my peers issued a 135 block in their core (haven't checked). The inbound scan numbers should be much higher than they are. -Jack