Tuesday, August 12, 2003

Msblast Worm Ravaging Internet?

Hardly, although it's clear a lot of recon is ongoing and thousands of Windows boxes are being owned. Consider this data from the Internet Storm Center:

That's a lot of scanning, but what effect is there on the Internet? Here's a snapshot from the Internet Health Report:

Contrast that report with one posted by H.D. Moore during Slammer. All of the red means severe problems, which aren't seen in today's report:

What this worm proves is that Windows boxes cannot be placed on the Internet without an access control device protecting certain ports. Windows offers too many services that are capable of being exploited. Connecting unprotected laptops to corporate internal networks via VPN is a risk which needs to be controlled. (Here's a home user wondering why his machine keeps rebooting -- msblast.exe?) Companies should look for firewall solutions on the NIC, perhaps like this Linksys USBVPN1. If anyone has experience with this product, please email me.