I agree with most of what you are saying except for one thing...

It is not us that have to accept the consequences, it's them,,, we are not
attacking them, we are responding to an attack by them (albeit
unknowingly),,, it's just a little more proactive than using portsentry for
example to block their IP...

They must accept the consequences for not looking after their equipment...
they are at fault, we are talking about putting something on OUR servers to
respond to an attack scan to stop it happening again.

If their server doesn't scan looking to infect us, then they won't be
affected.

not everyone has bandwidth that won't be affected by thousands or millions
of code red servers looking around to propagate.

you don't leave a bum hard drive in a mission critical server, software is
no different, it shouldn't be left with holes in it...

if someone writes some code that will warn the sysadmin,, then I'd endorse
that wholeheartedly...

but I am not aware of it...

(Also, I think we established that it is against Code Red II that this is
effective...)


What you are saying is that if we can't help them, we shouldn't hinder
them,,

Which is great in principle and I'd normally adhere to it myself, but in
this case, it doesn't help the overall situation one iota...

rgds

Frank


PS, each to his own I guess, I didn't want to have a huge conversation about
it,, I respect other people doing whatever they like, as long as it doesn't
adversely affect me or mine...


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Craig Sprout
Sent: Tuesday, 4 September 2001 5:52 AM
To: Mandrake Expert
Subject: RE: [expert] The CodeRed -- BZZZT! it does not work


On Tue, 4 Sep 2001, Franki wrote:

> They may not know that they have been compromised, and unless something
> happens to let them know, it will probably stay that way. (if they kept in
> touch with their servers via logs and stuff, they would know... but if they
> were that type of sysadmin, they would probably have patched their server
> before they got compromised.)

Chances are, they *don't* know that they are infected.  CR hits on my
@home cable segment are outnumbering my T1 by a factor of 10.  I have no
way of knowing if this is typical, but from what I am hearing from other
sysadmins, they are reporting similar results.

> Taking that into account, consider that if their server shutdown a couple of
> times for no apparent reason, it may cause them to actually check into why
> it is happening...

They probably don't even notice.

> Also, that code doesn't do anything but shut the server down,,, it's the
> least of possible things that could be done....

I know!  And, as the original poster just wrote, that one doesn't work, so
he thinks, hmmmm...maybe, if I use the root.exe command shell, and copy
his quicken data to the webserver, I can figure out a different way to get
his attention.  It's a slippery slope.

> They are stealing our bandwidth through their ineptitude,, they deserve what
> they get...

No, they deserve to be educated.

> It should be made clear to corporations that Sysadmin is not just loading
> win98 and office onto networked workstations, it's a full time job setting
> up, maintaining/upgrading and monitoring a network,, people that plug a
> server in, set it up, and don't touch it again until it needs upgrading need
> to be shown the error of their ways...

That's all well and good, but you don't know what ripple effects your little
stunt will have.  Are you willing to take responsibility for any losses
that are incurred?

> I have tried to convince my co workers, that they are not nearly paranoid
> enough and that if I wasn't part of the company it would take me  very
> little time to compromise root on nearly all the servers not under my
> care...

And, if they're like my co-workers, they are in awe of your geekiness, and
it goes in one ear and out the other.  :)

> Think about it, if every server running apache (over 60% of the net) put
> this patch up... code red II would be dead by tomorrow.... and as a side
> benefit, a good many servers running microsoft IIS on the net would be
> shutdown...  :-)

I'll agree with you in principle, if not in method.  :)

> Stuff like this will always happen as long as companies put guys in IT
> positions because they have proved they can install win95/98.....

Yes, it will.  However, I think that with all the displaced tech workers,
these folks are going to go the way of the dodo.

> It makes us all look bad...

I disagree.  When my boss asked if it was going to cause us any problems,
I said, "Nope, not a problem at all.  Here's why..."

It made me look very good.  :)

+---------------------------------------------------------------+
| Craig Sprout               |   "Never ascribe to malice that  |
| Billings, MT               |   which is adequately explained  |
| http://www.mtsprouts.net   |   by incompetence."  -Napoleon   |
+---------------------------------------------------------------+





