On Tue, Jul 31, 2001 at 02:57:18PM -0400, Jonathan A. Zdziarski wrote: > To reiterate, IMHO it's both the fault of the vendor and the ISP. MS > *should* have had a patch out for this long before this happened. Microsoft had a patch available one month before the worm gained national news status. June 18th. The worm had its peak on July 19th (only as a result of a self-imposed 20th deadline .. how many more machines could have been involved had it waited until the 21st?) Sadly, it claimed only Microsoft Index Server 2.0 and Indexing Service in Windows 2000 as affected, with a note that Windows XP's Indexing Service is also vulnerable. Thus, folks that don't use MS's Index* Serv* product didn't bother. (And those are the folks that bother to receive security news from Microsoft. How many countless others don't bother?) Simply having the problem dll on the machine is sufficient, as far as I can tell. I still maintain ISPs cannot and should not be held liable for this perfectly legitimate http traffic. If any ISPs feel like making efforts to prevent the spread etc, great. That the one ISP mentioned here recently called their infected customers is simply amazing -- and if other ISPs wanted to follow suit, I would be pleased. But lets not force ISPs to do anything other than provide service to the internet. (And yes, if more ISPs want to perform ingress and egress filtering of RFC 1918 addresses, I'm all for that too. But that wouldn't have helped here.) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 16:03:21 PDT