RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: t. patrick o'hara (tpoharaat_private)
Date: Wed Sep 05 2001 - 23:08:45 PDT

    (ATTN Blue Boar: I understand if this does not make it through, but wanted
    to raise an issue that seems to be overlooked by the no response side;
    obviously, it is your call.  Thanks for the consideration.)
    
    
    >> Does anyone realize what a bad idea it is to release worms like this in
    >> the first place, regardless of whether or not they mean well?
    Code Green with its random scans, yes.  CRclean responding to attacks, I
    wouldn't be so hasty.
    
    >> Think about it.
    Yes?  I happen to moonlight fixing people's PC problems.  I have repaired
    dozens of CR infected boxes where one or more of the following was true:
    
    1) the client did not even know they had IIS installed ("Huh?" or "I thought
    I had a personal web server")
    2) the client had never heard of code red ("Mountain Dew, right?")
    3) the client never thought their little home network could be a target ("I
    thought that was only on big internet servers.  How could they find me?")
    
    Many of these people are on high speed lines, some have infected their
    corporate networks.  Yet they are without any indication that there is a
    problem except that their line seems a little slow or someone sent them a
    nasty something saying they have a problem.
    
    I have seen many of the same responses from infections at work, usually some
    small workgroup that has a server for their project, etc.  The big
    difference is that at work we detect them, notify them, shut them down, and
    fix the problem.
    
    Systems that have real admins ought to have a few other real things, like
    firewalls and internal security.  I would not expect them to allow an
    insertion from CRclean or the like and to squash it like any other
    unauthorized admin program if it did get in.
    
    Probable home networks/standalones (especially from an unnamed cable isp's
    addresses), on the other hand, seem to make up a high percentage of my
    firewall hits over the last month or so.  Are these bad admins?  Probably
    not.  Will the boxes get fixed if something else does not intervene?  Again,
    Probably not.  Will the boxes become zombies in the next attack on your
    network?  Do I need to answer?
    
    Yes, Micro$oft should put out secure software, but that doesn't mean that
    what is out there is magically going away.  Yes, people should be more aware
    of what their machines are doing, but then it has taken years just to get
    them to use computers, much less understand the arcanums of security.
    
    IMHO.
    
    To sum up,
    Code Red: bad news, many of the infected will not know even after they are
    part of the next big attack.
    Code Green: right idea, wrong delivery.
    CRclean: right idea, much better delivery.
    isp's and backbone working to stop floods like these before they reach us...
    hmmm, need to... get down... off soapbox... before I... get... started...
    
    
    T. Patrick O'Hara
    

    This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 23:42:14 PDT