Re: Fwd: The witty worm

Good morning,

On Sat, Mar 20, 2004 at 04:34:55PM -0800, SBlaze told us:
> Got this in...thought I would forward it on to the netfilter list in the
> interest of security.
> 
> According to the link.. "Witty is a network worm that spreads through direct
> network connections, targeting machines that are running BlackIce security
> software."  
> 
> It exploits ICQ apparently... "Witty uses a vulnerability in ICQ instant
> messaging protocol parsing routines of the ISS Protocol Analysis Module (PAM)."

Just for clarification, it does not exploit ICQ but the ICQ protocol 
parsing routines of the blackice firewall (seems to be one of those 
personal firewalls I think).

> 
> It might be a good idea to start LOG lines for a source of port 4000 for
> unusual traffic (for iptable secured gateways). This would be effective in Even
> better; block or limit these for awhile?

Well I think on a gateway/firewall you wouldn't have blackice running.
And in any kind of seriously corporate environment, I think chat systems
like ICQ should always be filtered and therefore stopped at the
(netfilter :) firewall. Of course you need to secure your internal LAN,
too, but have a personal firewall on each & every desktop??

> 
> Good Luck to everyone.
> 

Sven

-- 
Linux zion 2.6.4 #2 Thu Mar 11 20:52:05 CET 2004 i686 athlon i386 GNU/Linux
 01:59:28  up 9 days,  3:03,  1 user,  load average: 0.00, 0.02, 0.02

Attachment: pgp00826.pgp
Description: PGP signature
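
Added example (not part of the original message or of netfilter): a small Python triage script for the LOG suggestion discussed above, assuming a gateway rule such as `iptables -A FORWARD -p udp --sport 4000 -j LOG --log-prefix "SPT4000 "`. The log lines, addresses, the `min_targets` threshold and the premise that worm traffic shows up as one source fanning out to many destinations (while an ICQ server reply goes back to a single client) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed, abridged lines in the kernel's netfilter LOG format
# (documentation-range addresses; not captured traffic).
SAMPLE_LOG = """\
Mar 21 02:10:01 gw kernel: SPT4000 IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=796 PROTO=UDP SPT=4000 DPT=21934 LEN=776
Mar 21 02:10:01 gw kernel: SPT4000 IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.11 LEN=1021 PROTO=UDP SPT=4000 DPT=5310 LEN=1001
Mar 21 02:10:02 gw kernel: SPT4000 IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.57 LEN=854 PROTO=UDP SPT=4000 DPT=40112 LEN=834
Mar 21 02:10:02 gw kernel: SPT4000 IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.90 LEN=912 PROTO=UDP SPT=4000 DPT=1744 LEN=892
Mar 21 02:10:05 gw kernel: SPT4000 IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.20 LEN=68 PROTO=UDP SPT=4000 DPT=1027 LEN=48
Mar 21 02:10:09 gw kernel: SPT4000 IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.20 LEN=72 PROTO=UDP SPT=4000 DPT=1027 LEN=52
Mar 21 02:10:11 gw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.30 LEN=60 PROTO=TCP SPT=4000 DPT=80 WINDOW=5840 SYN
"""

# KEY=value pairs as written by the LOG target; the value may be empty (e.g. "OUT=").
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one LOG line; the first occurrence wins
    (LEN appears twice: IP length first, then UDP length)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def spraying_sources(log_text, min_targets=3):
    """Map each source that sent UDP from port 4000 to at least `min_targets`
    distinct (destination, port) pairs to the number of pairs it reached."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("PROTO") == "UDP" and f.get("SPT") == "4000" and "SRC" in f:
            targets[f["SRC"]].add((f.get("DST"), f.get("DPT")))
    return {src: len(seen) for src, seen in targets.items() if len(seen) >= min_targets}


if __name__ == "__main__":
    for src, count in sorted(spraying_sources(SAMPLE_LOG).items()):
        print(f"{src}: UDP source port 4000 to {count} distinct targets")
```

Sources it reports are candidates for the "block or limit" step raised in the thread; the single-client reply from 203.0.113.5 and the TCP line are not flagged.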

