
I find it ironic that one of the presentations at the last NANOG was about a system kind of like that: http://www.nanog.org/mtg-0402/gauthier.html and that we had some luser on the nanog30 wireless network infected by SQL slammer.
Well, it wouldn't be NANOG without a few infections, password grabs and other random security breaches....
Does anyone know who that was, how/if they were located and removed from the network, and whether they brought an infected PC (either via stupidity or as a joke) or simply brought an unpatched system out from behind their firewall/packet filters and got infected before they got a chance to actually use the network?
Probably genuine error (clueless/oversight), no names.. where is Randy when you want him?
After that incident, I sniffed the wireless for a little while and noticed slammer is alive and well out on the internet and still trying to infect the rest of the internet.
*jlewis in network sniffing shock!*
We're still blocking it at our transit borders. The one time it was removed (accidentally), a colo customer was infected very shortly after the filter's protection was lost.
Yeah, there's lots. We filter for several known worms on the gateway routers at the meetings we sponsor; I recommend NANOG sponsors do the same (although it can't save you from the devil within).

Steve
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________