On Thu, 6 Sep 2001, Markus Kern wrote: > > "Alexander Sarras (SEA)" wrote: > > > > It might be discussable installing a - easily uninstallable - routine > > which send emails and (broadcast) messages to admin account > > accessible from the infected box, stating very clearly what to do 1) > > to get rid of the worm 2) to get rid of that utility afterwards. But > > surely not another virus. > > > > The only correct way IMHO is to shut of the access to the networks > > for offenders. Via the direct ISP or the upstreams. This has been > > done before, and this works. > > Ron DuFresne's <dufresneat_private> post indicates that this method > doesn't always work as well as we'd like it to. > > Personally I prefer a technical solution to begging and court orders. > http://www.technocracyinc.org/images/cbusses.jpg illustrates my point > quite accurately. I'm certainly not advocating that a bunch of bofh's or internet counter-terrorists put on greyhats and unleash a storm of their own code. The process is not so broken it can't be fixed, or enhanced with some teeth. I do think part of the problems is a standard of the IT industry, too few knowledged souls responsible for far to wide a base of systems to control and manage. It's certainly hinted at in the canned replies that abuse complaints generate: From: Sprintlink Abuse <abuseat_private> ... We are not usually able to respond personally to each message received, but wish to assure you that we investigate each report, and will take appropriate action in accordance with our policies. ... From: abuseat_private ... Please note that due to the volume of e-mails we receive, we are not able to respond personally to each message received. We do investigate each incident brought to our attention and will take corrective action, if appropriate. Please feel free to review our Acceptable User Policy: ... From: abuseat_private ... Unfortunately, although we take all complaints seriously, due to the volume of mail that we receive, we are not able to respond individually to each message sent to this address. Rest assured, however, we will respond to any matter that concerns eminent threats of bodily injury or damage to property. ... And yet, one might think with the current state of the economy, the IT infrasctructure of such organisations might be taking advantage of events and doing some discount hiring. A broken process does not have to be tossed away for lawlessness and outrage. If it's broke, fix it. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 15:09:23 PDT