Last month, some cretin Out There writes Yet Another Worm called Blaster that can infect whole networks at once. That is, whole networks of Windows computers who haven’t upgraded their operating system to incorporate the latest security patches from Microsoft. One of the side features of these infections was a planned Denial of Service attack that was supposed to be launched against Microsoft’s WindowsUpdate servers this past weekend.
So I start digging into the reality of this situation and find that buried in all this information is another weakness that isn’t widely publicized. One port that could be a problem is the port used by trivial file transfer, which happens to be port 69 for those of you that keeping track. This port wasn’t named by the feds as a target. The worm uses this port to move copies of itself to other machines. This is the port that you need to close off, as our own network administrators found out when someone brought their laptop in from home and infected our corporate network last week.
You can read more of this essay here.