[plug] MS vulnerability
Craig Ringer
craig at postnewspapers.com.au
Fri Aug 15 17:31:28 WST 2003
> It didn't make it in past the firewall, web or via email. It came in
> through the one way I wasn't expecting. A certain user decided to take
> their laptop home and dial-up with BigPond directly to the internet
> without a firewall (don't even get me started) and started getting the
> RPC errors with their computer shutting down every 10 minutes, but of
> course they didn't come and ask before plugging it back into the network
> the next day. It took probably no more than a minute from the person
> plugging it in until I pulled the core switch and half of the machines
> were infected.
Thanks for that info. I'm now adjusting my requirements for being
allowed to plug laptops into our network to require a personal firewall
as well as the existing "up-to-date, not crap, virus scanner" requirement.
I'd never even thought of a worm spread into a firewalled LAN by a
laptop. *sigh*. I wish I could make the rule "no, you can't plug it in"
but no such luck. Can most switches do vlans by MAC address, or does it
need to be done by switch port?
Maybe I should set up a vlan to force laptops etc to route via the
gateway to talk to the rest of the network, too...
> Laptop users really are annoying, had the same person get two laptops
> stolen in the space of 6 months and another one brings a diseased one in
> and infects the desktops.... *sighs
Yeah. And they want access to their work files + mail from home, let
their kids use the laptop and install god-knows-what on it, etc. Damnn
things should be banned. I understand fully the attitudes of IT admins
who say "you can't use that at work unless it's running our SOE."
Craig Ringer
More information about the plug
mailing list