From: Dave Ball (vought@msn.com)
Date: Tue Aug 27 2002 - 01:50:48 PDT
Hi, All...
I have been Administering large networks for 15 years and have been an IT
Director the last 6 and I have seen just about every email claiming no fault
and this one is the standard I see no evil , hear no evil, talk no evil. I
live by there is no fault except by those who coded the virus its no ones
fault, no blame to place, no finger to point, except at the person who
designed and released the malicious code there are Billions of dollars lost
from this sort of terrorism every year.
Web Mail, Norton, Firewall, Spoof, outlook, these are just words. Words are
not the problem executed code is the problem and if you open email have a
connection to the internet then you are at risk, we all are at risk. The
best you can do is become a patch and definition freak and even then you
will still be vulnerable and have big blood shot eyes for your efforts when
you do get hit because that's it period there is no silver bullet.
You say you have a firewall are you running NAT do you know what NAT is. Do
you dial to your provider or are you connected by DSL or cable modem? Is
your IP address static or dynamic? ever heard of spoofing an IP address?
Myself and the many Admins working for me have tried everything we could
think of even had Symantec (Norton) and McAfee visit and look through our
systems after being pounded hard by Redcode and Nimda (admin spelled
backwards) a year ago.
What I learned from them was that all antivirus products are Signature based
this means your vendor provides a unique code (macros) to identify each
virus this also means there is a delay of several hours or even days before
the vendor releases an update even if you have your automatic update button
clicked. All this means is that when a new virus hits the internet you will
have your pants down with the rest of us until the new definitions have been
released. In the security classes I have taken almost everyone seems to
agree that pattern matching antivirus technology is still the king of virus
protection although there are few non signature based antivirus applications
like stormwatch but they are young.
The best protection we found which is still not fool proof is to run NIX
based Internet gateways and filter with hardware and software all incoming
and out going traffic at that point before hitting the corporate servers
this allows us the best if not fool proof protection but sucks band width we
also use a stateful firewall meaning it opens every packet for inspection
another bandwidth sucker.
Most businesses use internet gateway protection on the email server port
this is fine until someone logs into a Internet based web email account
(Yahoo) and downloads a virus because doing this has bypassed the corporate
email server protection and downloads a virus from the Internet to his local
node which is hopefully subnetted from anything of great importance.
There has been a lull this year in the virus arena I think the coders are
taking a rest or maybe brushing up on XP or NIX or even .NET.
I have included a site that will show just a few of the Vulnerabilities for
the last couple of weeks please do not think because you do not run a MS
Windows based system you are safe because you are not but you do have
something working for you, you are a minority player and you will be less
targeted.
I use Outlook and like it I keep all my mail in the "restricted sites" zone
and keep that zone locked down.
I also do a full back up of my system everyday and keep Wednesday for 4
weeks before recycle. I am running NAT and a Linux Based Internet Gateway I
have only one machine outside the gateway and it is an Apache webserver that
is also backed up daily.
It has been hacked by exploiting a code vulnerability in Linux I felt it was
the least likely to get hacked I was wrong.
There are a lot of hacking tools on this site please becareful what you
download and how you use it "you are being watched".
Try some of the sniffer tools monitor the traffic to and from your computer
you might be surprised to find someone lurking there are a lot of shared
resource hackers out there right now some are offshore.
Remember all Internet users are admins and the best protection is to keep
your machine turned off.
Good luck
Flame away
Dave
http://www.blackcode.com/vulnerabilities/
----- Original Message -----
From: "Edwin M. Dyer, III" <sturmtiger1944@yahoo.com>
To: "Military Vehicles Mailing List" <mil-veh@mil-veh.org>
Sent: Monday, August 26, 2002 9:01 PM
Subject: Re: [MV] Sturmtiger1944 - Virus warning
> Greetings:
>
> For the record, this infected e-mail did NOT originate
> from me or my computer. I have complete, up-to-date
> virus definitions ( running Nortons ) and there are
> no, and I mean, no, virii on my system, at all.
>
> I use Yahoo, a _web-based_ e-mail, and the possibility
> of me sending any kind of infected e-mail is about
> nil. I do not use Outlook for anything.
>
> This e-mail address is in a number of people's address
> books, many of whom I do not know. I have received any
> number of infected e-mails from people I have no clue
> who they are. Each and every one of these e-mails has
> been defeated by Nortons, of which I can scan any
> inbound e-mail attachment via Nortons on Yahoo.
>
> Virii often spoof, and by spoof, I mean they _mask_
> the true originator of the e-mail with a different
> address.
>
> I also maintain a personal firewall and no application
> can get outside access to the 'net without me knowing
> it. Outlook has been denied any outside access since I
> don't use it, won't use it, and just about every
> single virus out there likes to use it to spread
> themselves. Take a hint, if you use Outlook and don't
> _have_ to, don't use it. Get something else like
> Eudora or Pegasus.
>
> Once again, no virus has come from me or my machine.
>
>
> Regards,
>
> Ed
>
> "Look before you leap."
>
>
> --- "J. Lee" <milveh@sbcglobal.net> wrote:
> > I think Sturmtiger1944 may have unknowingly caught a
> > virus and is passing it
> > out to list members on his email. Hoping nobody
> > else got it, be careful if
> > you get e-mail from him. I stopped it before it
> > could activate thanks to my
> > anti-virus protection. Jack
> >
> >
> > ===Mil-Veh is a member-supported mailing list===
> > To unsubscribe, send e-mail to:
> > <mil-veh-off@mil-veh.org>
> > To switch to the DIGEST mode, send e-mail to
> > <mil-veh-digest@mil-veh.org>
> > To reach a human, contact <ack@mil-veh.org>
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Finance - Get real-time stock quotes
> http://finance.yahoo.com
>
> ===Mil-Veh is a member-supported mailing list===
> To unsubscribe, send e-mail to: <mil-veh-off@mil-veh.org>
> To switch to the DIGEST mode, send e-mail to <mil-veh-digest@mil-veh.org>
> To reach a human, contact <ack@mil-veh.org>
>
This archive was generated by hypermail 2.1.4 : Wed Apr 23 2003 - 13:31:45 PDT