<snip> > > Another issue to consider is those people who are on dialup accounts. > If there's a number of patches that are going to take hours to download > and I need to get work done right now, that "feature" becomes a big > problem. This creates user antipathy for security which is the last > thing you want. > > ---Steve The issue of dialups as an underlying base of infected, unpatched hosts is underappreciated, IMHO.. As an examle of the scope of the problem, at home I'm on a dialup to AT&T through their Seattle WA pop, with a dynamic IP in the 12.82.x.x range of AT&T's 12.x.x.x class A. I see 40 to 120 CodeRed/Nimda probes to tcp:80 *every* day, week in, week out, from AT&T dialup, DSL and now AT&T Broadband Internet cable clients switched over from the defunct Excite@Home cable network. I have repeatedly notified abuseat_private with snort logs for almost two months, now, have received nothing but a generic response that really relates more to spam than anything, and have seen little-to-no reduction in the volume of this sort of thing. These are home users, SOHO users, and small businesses with no IT staff to speak of, all unpatched and infected, and all a potential source of CodeRed/Nimda infection to new boxes coming on line after the Christmas purchasing season. - John -- Computers: they're really nothing but l's and O's ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 10:59:59 PST