I agree with you. Again, without naming names, I know several customers that have not upgraded their IOS software to patch the IPv4 vulnerability, and some don't even have a plan or schedule to do so! We upgraded to appropriate code quite quickly after we were aware of the problem.
Imagine if the recent worm had a timer set not to attack Microsoft's site, but instead to attack Cisco routers with that vulnerability. Use a Microsoft bug to DDoS on Cisco gear! That would have been catastrophic. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -----Original Message----- From: "Chuck Whose Road is Ever Shorter" [mailto:[EMAIL PROTECTED] Sent: Saturday, August 16, 2003 11:26 PM To: [EMAIL PROTECTED] Subject: Re: OT Microsoft worm [7:74045] ""Reimer, Fred"" wrote in message news:[EMAIL PROTECTED] > For reasons of confidentiality I won't and can't name any names, but I am > aware of several hospitals that were affected pretty seriously. Everyone > here knows that Cisco Call Manager runs on Windows, so imagine what happens > to your entire phone infrastructure if you are running VoIP. Network grinds > to a halt and admitting can't access the applications to admit people in the > ER. Lab orders don't go through, so meds can't be dispersed based on the > results of tests. Everything goes back to a paper fall-back scheme until > the Windows administrators patch the systems like they should have done > weeks ago. > > So no, don't assume that even large organizations have a handle on things. > Especially hospitals which are notoriously on the low end as far as > adequately staffing, at the right levels, their IT staff. > > One thing I sincerely hope is changed in our lexicon is calling Windows > administrators "network administrators." It makes me physically ill, > because those folks don't "administer" the "network," if anything they > actually do can be classified as competent administration. They should be > called what they are "systems administrators," or, if you want to be more > specific, "Windows administrators." I personally think they deserve a > classification of their own. > > All I can say is that the Windows systems that our group has to use and is > responsible for were patched long ago, and did not exhibit any issues. in fairness to all, Cisco is starting to be hit with attacks geared specifically towards Cisco routers and Cisco IOS. Seems to me I saw a couple of serious attacks announced the other day. We can chuckle and snicker and point fingers at Microsoft, but all vendors are vulnerable. When the hacker community wants to turn its attention to Linux, or Solaris, or MacOS, those systems will take it in the shorts too. > > Fred Reimer - CCNA > > > Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 > Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 > > > NOTICE; This email contains confidential or proprietary information which > may be legally privileged. It is intended only for the named recipient(s). > If an addressing or transmission error has misdirected the email, please > notify the author by replying to this message. If you are not the named > recipient, you are not authorized to use, disclose, distribute, copy, print > or rely on this email, and should immediately delete it from your computer. > > > -----Original Message----- > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 16, 2003 1:22 PM > To: [EMAIL PROTECTED] > Subject: OT Microsoft worm [7:74045] > > Just wondering, is this new LOVSAN msblast worm as big as it seems to be? > I've been helping lots of Windows users clean up their machines. They all > had the worm. These are mostly home users. I can't believe they would use > broadband, "always-on" access and not have a firewall, but they didn't! > > What are you all seeing? Is this a big one? I suppose enterprise networks > are much better protected (hopefully) than the home networks I've been > helping out with. > > One has to wonder if the huge power outage could be related. I can imagine a > Windows computer somewhere in Ohio that played a surprisingly important role > in keeping the grid working and had been infected..... But I read a lot of > science fiction. :-) > > By the way, the stupid worm is attacking the wrong Microsoft URL! So that > aspect of it isn't going to be as bad as once thought. > > Comments? > > Priscilla > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74079&t=74045 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
