No problems here. Everything is fine.

-----Original Message-----
From: Bowen, Todd 
Sent: Monday, November 26, 2001 10:04 AM
To: Richey, Cooper
Subject: FW: New Distributed Denial of Service Program in the Wild


Cooper,
 
Please check for this vulnerability amongst your folks and advise soonest...
 
Regards,
 
Todd
 
-----Original Message-----
From: Dietrich, Dan 
Sent: Monday, November 26, 2001 8:27 AM
To: Wiebe, Chris; Bowen, Todd
Subject: RE: New Distributed Denial of Service Program in the Wild


Thanks Chris!
 
Todd, please work with Cooper and advise me before end of business of your finds. Thanks!
 

-----Original Message-----
From: Wiebe, Chris 
Sent: Monday, November 26, 2001 9:25 AM
To: Dietrich, Dan
Cc: Bowen, Todd
Subject: RE: New Distributed Denial of Service Program in the Wild


Well, if Cooper or his group over there have any personal/desktop instances, I don't look after them.
 

Chris Wiebe 
Staff, Data Technologies 
Enron Canada Corp. 
Phone: (403) 974-6929 
Cell: (403) 650-7224 
Pager: (403) 212-9989 
Pager email: chriswiebe@epagenet.net 
Email: Chris.Wiebe@Enron.com 

-----Original Message-----
From: Dietrich, Dan 
Sent: Monday, November 26, 2001 8:23 AM
To: Wiebe, Chris
Cc: Bowen, Todd
Subject: RE: New Distributed Denial of Service Program in the Wild


Are there SQL Servers you do not look after?
 

-----Original Message-----
From: Wiebe, Chris 
Sent: Monday, November 26, 2001 9:21 AM
To: Dietrich, Dan; Kane, Paul; Marryott, Michael
Cc: Bowen, Todd; Steiner, David; Ward, Bob; Ogg, Jim; Smith, Bruce
Subject: RE: New Distributed Denial of Service Program in the Wild


The SQL Servers that I look after all have a password for the SA account.
 

Chris Wiebe 
Staff, Data Technologies 
Enron Canada Corp. 
Phone: (403) 974-6929 
Cell: (403) 650-7224 
Pager: (403) 212-9989 
Pager email: chriswiebe@epagenet.net 
Email: Chris.Wiebe@Enron.com 

-----Original Message-----
From: Dietrich, Dan 
Sent: Sunday, November 25, 2001 8:12 PM
To: Kane, Paul; Wiebe, Chris; Marryott, Michael
Cc: Bowen, Todd; Steiner, David; Ward, Bob; Ogg, Jim; Smith, Bruce
Subject: FW: New Distributed Denial of Service Program in the Wild
Importance: High


Please advise ASAP as to the status of the SQL at your respective locations.
 
Thanks!
 

-----Original Message----- 
From: Smith, Bruce 
Sent: Sun 11/25/2001 4:42 PM 
To: Setliff, John; Dietrich, Dan; Chumley, Jason 
Cc: 
Subject: FW: New Distributed Denial of Service Program in the Wild





-----Original Message----- 
From: McAuliffe, Bob 
Sent: Sunday, November 25, 2001 3:12 PM 
To: Gubser, Marlin; Ray, Edward; Behney, Chris; Matson, Randy; Croucher Jr., Mike; Smith, Bruce; Deleon, Roberto; Ogg, Jim
Subject: Fw: New Distributed Denial of Service Program in the Wild 
Importance: High 



bob.mcauliffe@enron.com 
-------------------------- 
Sent from my BlackBerry Wireless Handheld 

-----Original Message----- 
From: Thibodeaux, Mark <Mark.Thibodeaux@ENRON.com> 
To: McAuliffe, Bob <Bob.McAuliffe@ENRON.com>; Bramwell, James <james.bramwell@enron.com>; Reyes, Charles <Charles.Reyes@ENRON.com>
CC: Enron Network Security <EnronNetworkSecurity@ENRON.com>; EEL IT Security <EELITSecurity@ENRON.com>; Matson, Randy <Randy.Matson@ENRON.com>; Ray, Edward <Edward.Ray@ENRON.com>; Dziadek, Keith <Keith.Dziadek@ENRON.com>; Abshire, Scott <Scott.Abshire@ENRON.com>; Martinez, Bob <Bob.Martinez@ENRON.com>; Hillier, Bob <Bob.Hillier@ENRON.com>; Hotte, Steve <Steve.Hotte@ENRON.com>; Dayao, Anthony <Anthony.Dayao@ENRON.com>; Rub, Jenny <Jenny.Rub@ENRON.com>; Webb, Jay <Jay.Webb@ENRON.com>; Freeman, Paul <paul.freeman@enron.com>; Pickering, Mark <Mark.Pickering@Enron.com>; Parsons, Andrew <Andrew.Parsons@ENRON.com>
Sent: Sun Nov 25 11:57:22 2001
Subject: New Distributed Denial of Service Program in the Wild 

A new denial of service worm program - like "sadmind", "nimda", etc. - has been discovered by the staff of SecurityFocus. This new program attacks Microsoft SQL servers that do not have a password set on their administrator accounts (named "sa"). Strange as it may seem, I know from experience that we have had a number of SQL servers at Enron that would be vulnerable to this (i.e., they don't have passwords on their "sa" accounts).

I am running a scan now on port 1433 only (where SQL server runs) to try to identify all vulnerable servers we may have. I will be providing this list to Eddie Ray and the EEL IT Security team for coordination of the remediation work.

Details on the worm can be found at <http://www.securityfocus.com/> on the front page. 

Mark Thibodeaux 
Enron Corp. - IT Compliance 
713-853-9373 
713-826-4738 (cell)