Last Updated: 2005-01-05 07:16:48 UTC
by Scott Fendley (Version: 1)
As many of you are aware, the WINS server vulnerability (MS04-045) appears to be getting exploited. The ISC and other organizations have seen a marked increase in the probes directed at WINS services (42/tcp) since December 31, 2004. The Research and Education Networking ISAC has graphs showing marked increases in these probes on Internet2 via the Abilene network netflows.
So, if you have not patched the WINS servers in your respective companies or campuses, beware. Patching these systems is now overdue. Additionally, WINS services probably should not cross your border router. So please block these ports and keep the riff-raff out in case your local Windows Server Admins have not patched for this over the holidays.
If any of you have packet captures of this activity, please do not hesitate to send them on to the ISC for analysis.
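One way to check the border-blocking advice above against your own flow records, as an added example that is not part of the original diary. The CSV column layout, the internal prefixes and the sample rows are constructed assumptions; it counts inbound 42/tcp probes per day and lists internal hosts that the border actually let outside sources reach.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: your internal address space; replace with your own prefixes.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
WINS_PORT = 42  # the WINS service port (42/tcp) named in the diary

# Constructed sample flow export (not real traffic). Assumed column layout:
# date, source IP, destination IP, protocol, destination port, border action.
SAMPLE_FLOWS = """\
2004-12-30,198.51.100.7,10.1.2.3,tcp,42,deny
2004-12-31,198.51.100.7,10.1.2.3,tcp,42,deny
2004-12-31,203.0.113.9,10.1.2.10,tcp,42,allow
2005-01-01,203.0.113.9,10.1.2.10,tcp,42,allow
2005-01-01,203.0.113.44,10.1.2.3,tcp,42,deny
2005-01-01,10.1.5.5,10.1.2.10,tcp,42,allow
2005-01-01,203.0.113.44,10.1.2.3,tcp,445,deny
2005-01-01,203.0.113.44,10.1.2.3,udp,42,deny
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal prefixes."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_wins_flows(flow_csv):
    """Return (probes_per_day, exposed_hosts) for external -> internal 42/tcp."""
    per_day = Counter()
    exposed = set()
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        date, src, dst, proto, dport, action = (f.strip() for f in row)
        if proto.lower() != "tcp" or not dport.isdigit() or int(dport) != WINS_PORT:
            continue
        if is_internal(src) or not is_internal(dst):
            continue  # only traffic that crosses the border inbound
        per_day[date] += 1
        if action.lower() == "allow":
            exposed.add(dst)  # border passed it: this host needs the block and the patch
    return dict(per_day), sorted(exposed)

if __name__ == "__main__":
    probes, exposed = audit_wins_flows(SAMPLE_FLOWS)
    for day in sorted(probes):
        print(day, probes[day])
    print("reachable from outside on 42/tcp:", exposed)
```

Any host in the second list is a WINS listener the border router is not shielding, so it is the first candidate for both the filter rule and the MS04-045 patch.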
For more information:
We have now entered the first business day of the new year. Stop and think about how old those passwords you are using are now. How many of you cannot remember when they were last changed? If your users are anything like mine, it may have been a year on some of our systems. This is a good time to change those root, administrator, and user account passwords. The students will be coming back to their respective University/College/K12 network computers shortly. Corporate users have had many weeks of potentially accessing internal resources through hostile networks at home. Take the time to check your security posture and retire some of those old passwords.
Passwords are like Underwear... Change yours often.
Passwords are like Underwear... Don't leave yours lying around.
Passwords are like Underwear... Don't share them with friends.
Passwords are like Underwear... Be mysterious.
Passwords are like Underwear... The longer the better.
*Note: The above was/is a part of a security awareness campaign started by the ITCS at University of Michigan. Make sure they get all of the appropriate credit for this interesting way to get password security through to end users.
University of Arkansas
sfendley _at_ isc.sans.org