Re: fighting the worm (enough of this already)
On Sunday 23 September 2001 21:11 pm, Chang wrote: > You can use port 23 for SSL... I suppose. :) > > >They don't seem to allow SSL from work, so I have no choice. > >I haven't been cracked because: > >1. I have ways. > >2. I am not worth cracking. I mean, what is there to steal? I think he means ssh. And almost any port can be used. I use a port above 10,000. Joel: give that a try. I am sure you can beat their firewall unless they have unplugged from the net entirely. -- ++ + Bruce S. Marshall [EMAIL PROTECTED] Bellaire, MI 09/23/01 21:31 + ++ "Moderation is a fatal thing. Nothing succeeds like excess." - Oscar Wilde ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
You can use port 23 for SSL... I suppose. :) >They don't seem to allow SSL from work, so I have no choice. >I haven't been cracked because: >1. I have ways. >2. I am not worth cracking. I mean, what is there to steal? > _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
Well, our CEO forwarded my letter to the head of IS for our system. I suspect that the response will be to push ahead and get windows XP installed everywhere ASAP because it must have better security than earlier versions of windows, right? Joel > === > > Here is the letter I sent to our CEO. > > == > Why don't you get rid of the Microsoft explorer and the Microsoft server > software in our system and end these problems? The netscape browser is immune > to this worm, for example. Currently, I am unable to go to Pub Med to get > timely medical information to help evaluate my pathology cases. I don't use > internet explorer. > My home computer web page has had thousands of "hits" by this worm in the > last 24 hours. No damage done because I don't use Microsoft server > software. Our IS people are negligent for allowing this worm to attack us. > And, this will happen again. What will they do to prevent future attacks? ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
> You allow telnet into your home box? That's a great way to get > your system cracked. > They don't seem to allow SSL from work, so I have no choice. I haven't been cracked because: 1. I have ways. 2. I am not worth cracking. I mean, what is there to steal? > I thought @HOME had blocked all incoming port 80 traffic to their customers > (their contracts say they shouldn't be running servers). That's what they say. I was very careful at first, but they don't seem to care. Virtually every hit I have taken from the last three worms has come from @HOME ip numbers (many hundreds of unique ip's), so they know there are a lot of servers on their network. I wrote a nasty letter to them a while back, pointing out this situation. They claimed they would become proactive, but nothing has changed. It would be trivial to change apache to listen to different ports. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
On Fri, Sep 21, 2001 at 09:13:29PM -0400, Joel Hammer wrote: >Well, internet access was down all day at work. Couldn't look up anything >regarding medical literature for our specimen sign outs. Really a problem. >My network server went down so no email, internal or external. Of course, I >just telnet home and use my linux box for email, anyway. They stopped >blocking port 23 after the first day. We did get a >message to leave our computers on so IS can fix them all over the weekend. >One of our friends has the same problem at her work. You allow telnet into your home box? That's a great way to get your system cracked. >Here at my house on @HOME I have had 16885 hits by 729 unique ip's since this >began. (This doesn't count the worm, which gave 377 hits over this same >time.) No damage done, since I use apache and we don't browse with IE. >Over on the samba list, some people have had trouble with their samba >servers, since the windows clients sent the worm to all mounted shares. If >anyone has trouble of that sort, they might look at samba.org, I believe. I thought @HOME had blocked all incoming port 80 traffic to their customers (their contracts say they shouldn't be running servers). Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``Americans are so enamored of equality that they would rather be equal in slavery than unequal in freedom.'' -Alexis de Tocqueville, 1805-1859 ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
Well, internet access was down all day at work. Couldn't look up anything regarding medical literature for our specimen sign outs. Really a problem. My network server went down so no email, internal or external. Of course, I just telnet home and use my linux box for email, anyway. They stopped blocking port 23 after the first day. We did get a message to leave our computers on so IS can fix them all over the weekend. One of our friends has the same problem at her work. The main thing is that NO ONE WILL GET FIRED over this. After all, they were using MS software. What more could they have done? Here at my house on @HOME I have had 16885 hits by 729 unique ip's since this began. (This doesn't count the worm, which gave 377 hits over this same time.) No damage done, since I use apache and we don't browse with IE. Over on the samba list, some people have had trouble with their samba servers, since the windows clients sent the worm to all mounted shares. If anyone has trouble of that sort, they might look at samba.org, I believe. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
On Thu, 20 Sep 2001 10:12:00 -0400 Joel Hammer <[EMAIL PROTECTED]> wrote: | Regarding the response of our IS professionals. They did block all access to | the internet yesterday and today I still can't browse. I guess they think we | all use the Explorer. | I spoke to our lab IS professional today. He wasn't aware of the problem. | He seemed vaguely interested that the Explorer might become infected but he | just gave me a vacuous smile when I suggested that he switch to netscape. | It is beyond belief. Remember, if everything worked, you would need fewer people like him. And I suspect he knows it. Face it. Microsoft is a jobs program in disguise. -- = Roger Oberholtzer E-mail:[EMAIL PROTECTED] OPQ Systems AB WWW: http://www.opq.se Erik Dahlbergsgatan 41-43 Phone: Int + 46 8 314223 115 32 Stockholm Mobile: Int + 46 733 621657 Sweden Fax: Int + 46 8 302602 ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
On Thu, 20 Sep 2001 14:17:45 -0400 "Wil McGilvery" <[EMAIL PROTECTED]> wrote: | One thing that needs to be mentioned is that a large number of IT companies | make money because MS is so insecure. Like I said, MS is a jobs program. Linux better be careful. It may get a reputation as a jobs eliminator :-) Of course, if the companies paid the same people the same wages as they do now, and they instead spent their time making OpenSource code instead of fixing stupid problems, there would be no threat to job security. Just better solutions. -- = Roger Oberholtzer E-mail:[EMAIL PROTECTED] OPQ Systems AB WWW: http://www.opq.se Erik Dahlbergsgatan 41-43 Phone: Int + 46 8 314223 115 32 Stockholm Mobile: Int + 46 733 621657 Sweden Fax: Int + 46 8 302602 ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
Here is part of the response to the worm at my place. I guess they think that everyone is going to do this. What a joke. Email from IS: === As a follow up to previous communication, Internet access cannot be restored until we have installed a patch to the Microsoft Internet Explorer browser on EVERY PC campus wide, and ALL PC's have been rebooted. As a result of the "Nimda" infestation, I.S. has been tasked with visiting all affected workstations to complete the update noted above. Please excuse the temporary interruption of work while we complete this process. We also need your help to complete this effort. Here's how you can help us. A.) Double-click the attachment at the bottom of this message, then follow the prompts to install the patch (you may get a message that the patch is not necessary - this is OK) B.) After running the attached program successfully, please shut down and restart your computer. C.) If at any time a virus is detected, or if you have any questions concerning this activity, please call the Help Desk at Regardless of the outcome of the patch installation, please send a reply message of "YES" or "NO" to "" to confirm your workstation has been successfully updated or not. Thank you, ITSS, Director == There are hundreds if not thousands of PC in our network. We started out with a couple of guys in IS about 12 years ago who knew a few things about windows. Now this. At least this supplies work for people. Of course, I've sent pointed email to the IS people about their choice of software. I doubt much will change. The bad thing is, due to this problem, I bet the IS people had to miss the required talks on The Nine Pillars of Excellence that HR made everyone attend today. Now they won't know about achieving excellence. This is what happens to an organization that just grows way beyond the competence of its managers. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
it is a religionit would be tremendously difficult to twist a party's religious belief. >The real kick in the teeth is everyone loves to complain, but when you suggest an >alternative, it is rejected. > >I know lots of network administrators who know a lot less than they should. These >people will never recommend anything other than windows or they would lose their jobs. > _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
I think it is definitely MORE up in the air than before. What's changed with Nimda is the incorporation of not only exploits but multiple exploits with intelligence to wreak far more havoc than before. Also, most worms until this point targetted servers, with mail viruses focussing on email, and very little IE exploits. This one hits the servers from the clients and the clients from the servers. As more of the old exploits are used in tandem and with more intelligence. I believe that people will be force to take notice. What happens after that is up in the air. Thoughts of that article about TCP/MS come back in scary waves, though. Lee <[EMAIL PROTECTED]To: [EMAIL PROTECTED] et> cc: Sent by:Subject: Re: fighting the worm (enough of this already) linux-users-admi [EMAIL PROTECTED] 09/20/01 12:31 PM Please respond to linux-users Would vote a conditional yes. Not so much desktop users as server administrators. By now they have to be getting pretty fed up with complaints from clients bothered by Microsoft worm of the week shut/slow downs. Wil McGilvery wrote: > I vote no, because they don't believe there is any alternative. A lot of these people don't know that much about their computer and Linux/Unix terrifies them. > > -Original Message- > From: Chang > Sent: Wed 9/19/2001 9:26 PM > To: [EMAIL PROTECTED] > Cc: > Subject: Re: fighting the worm (enough of this already) > > no way. worms would merely lure more users to pay more to microsoft so > that she could solve their problems, kind of a "negative" feedback loop. > > >Let's take a vote. Does anyone think that current users of windows products > >(server or browser) will switch because of this latest worm? > >I vote no, because if they didn't switch after the last worm, they don't > >have the brains or time to make a switch. > > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
RE: fighting the worm (enough of this already)
One thing that needs to be mentioned is that a large number of IT companies make money because MS is so insecure. Think of it. MS makes money from the products and Licenses. Then you have to buy more products and licenses to make the MS product "safer" But it is not really safe, so you have to stay on your toes to ward off new threats or buy more software that will check for you! Then think of the support costs because machines go down or the Internet connection is turned off, etc, etc. The real kick in the teeth is everyone loves to complain, but when you suggest an alternative, it is rejected. I know lots of network administrators who know a lot less than they should. These people will never recommend anything other than windows or they would lose their jobs. On the other hand, I do pretty well supporting these "network administrators" so that brings me back to the beginning of this post. :) Regards, Wil McGilvery Manager, Digital Media Lynch Technologies Inc. 416-744-7191 1-888-622-3729 416-744-0406 FAX www.lynchdigital.com -Original Message- From: Lee [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 11:32 AM To: [EMAIL PROTECTED] Subject: Re: fighting the worm (enough of this already) Would vote a conditional yes. Not so much desktop users as server administrators. By now they have to be getting pretty fed up with complaints from clients bothered by Microsoft worm of the week shut/slow downs. Wil McGilvery wrote: > I vote no, because they don't believe there is any alternative. A lot of these >people don't know that much about their computer and Linux/Unix terrifies them. > > -Original Message- > From: Chang > Sent: Wed 9/19/2001 9:26 PM > To: [EMAIL PROTECTED] > Cc: > Subject: Re: fighting the worm (enough of this already) > > no way. worms would merely lure more users to pay more to microsoft so > that she could solve their problems, kind of a "negative" feedback loop. > > >Let's take a vote. Does anyone think that current users of windows products > >(server or browser) will switch because of this latest worm? > >I vote no, because if they didn't switch after the last worm, they don't > >have the brains or time to make a switch. > > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc >->http://linux.nf/mailman/listinfo/linux-users > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc >->http://linux.nf/mailman/listinfo/linux-users ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
RE: fighting the worm (enough of this already)
Good Luck is all I can say! Regards, Wil McGilvery Manager, Digital Media Lynch Technologies Inc. 416-744-7191 1-888-622-3729 416-744-0406 FAX www.lynchdigital.com -Original Message- From: Joel Hammer [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 12:05 PM To: [EMAIL PROTECTED] Subject: Re: fighting the worm (enough of this already) Here is an email we got today. It actually came as a rich text format, not a word document, which is surprising. We are a very large multi-hospital health system. === This is to advise you that a new computer virus called "Nimda" is propagating with unprecedented speed across the Internet. The virus worm is called NIMDA [admin spelled backwards]. A number of [System name] Health servers and desktop computers, primarily in [This city] have been infected. Health Information Systems staff started last night to remove the virus from our environment. The clean-up requirements are taxing IS resources. We have disconnect the [This city] hospitals from the Internet until we have cleaned up all infected servers and desktop computers. It is anticipated that it will take all of today and maybe into tomorrow to rid our environment of the Nimda worm. As soon as our computing and network environment is safe, we will open access to the Internet. Vice President - Information Systems === Here is the letter I sent to our CEO. == Why don't you get rid of the Microsoft explorer and the Microsoft server software in our system and end these problems? The netscape browser is immune to this worm, for example. Currently, I am unable to go to Pub Med to get timely medical information to help evaluate my pathology cases. I don't use internet explorer. My home computer web page has had thousands of "hits" by this worm in the last 24 hours. No damage done because I don't use Microsoft server software. Our IS people are negligent for allowing this worm to attack us. And, this will happen again. What will they do to prevent future attacks? We will see what the response will be. I have raised security issues (secretaries downloading and installing screen savers from the internet) before with no response from IS. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
Here is an email we got today. It actually came as a rich text format, not a word document, which is surprising. We are a very large multi-hospital health system. === This is to advise you that a new computer virus called "Nimda" is propagating with unprecedented speed across the Internet. The virus worm is called NIMDA [admin spelled backwards]. A number of [System name] Health servers and desktop computers, primarily in [This city] have been infected. Health Information Systems staff started last night to remove the virus from our environment. The clean-up requirements are taxing IS resources. We have disconnect the [This city] hospitals from the Internet until we have cleaned up all infected servers and desktop computers. It is anticipated that it will take all of today and maybe into tomorrow to rid our environment of the Nimda worm. As soon as our computing and network environment is safe, we will open access to the Internet. Vice President - Information Systems === Here is the letter I sent to our CEO. == Why don't you get rid of the Microsoft explorer and the Microsoft server software in our system and end these problems? The netscape browser is immune to this worm, for example. Currently, I am unable to go to Pub Med to get timely medical information to help evaluate my pathology cases. I don't use internet explorer. My home computer web page has had thousands of "hits" by this worm in the last 24 hours. No damage done because I don't use Microsoft server software. Our IS people are negligent for allowing this worm to attack us. And, this will happen again. What will they do to prevent future attacks? We will see what the response will be. I have raised security issues (secretaries downloading and installing screen savers from the internet) before with no response from IS. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
Would vote a conditional yes. Not so much desktop users as server administrators. By now they have to be getting pretty fed up with complaints from clients bothered by Microsoft worm of the week shut/slow downs. Wil McGilvery wrote: > I vote no, because they don't believe there is any alternative. A lot of these >people don't know that much about their computer and Linux/Unix terrifies them. > > -Original Message- > From: Chang > Sent: Wed 9/19/2001 9:26 PM > To: [EMAIL PROTECTED] > Cc: > Subject: Re: fighting the worm (enough of this already) > > no way. worms would merely lure more users to pay more to microsoft so > that she could solve their problems, kind of a "negative" feedback loop. > > >Let's take a vote. Does anyone think that current users of windows products > >(server or browser) will switch because of this latest worm? > >I vote no, because if they didn't switch after the last worm, they don't > >have the brains or time to make a switch. > > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc >->http://linux.nf/mailman/listinfo/linux-users > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc >->http://linux.nf/mailman/listinfo/linux-users ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
Regarding the response of our IS professionals. They did block all access to the internet yesterday and today I still can't browse. I guess they think we all use the Explorer. I spoke to our lab IS professional today. He wasn't aware of the problem. He seemed vaguely interested that the Explorer might become infected but he just gave me a vacuous smile when I suggested that he switch to netscape. It is beyond belief. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
RE: fighting the worm (enough of this already)
I vote no, because they don't believe there is any alternative. A lot of these people don't know that much about their computer and Linux/Unix terrifies them. -Original Message- From: Chang Sent: Wed 9/19/2001 9:26 PM To: [EMAIL PROTECTED] Cc: Subject: Re: fighting the worm (enough of this already) no way. worms would merely lure more users to pay more to microsoft so that she could solve their problems, kind of a "negative" feedback loop. >Let's take a vote. Does anyone think that current users of windows products >(server or browser) will switch because of this latest worm? >I vote no, because if they didn't switch after the last worm, they don't >have the brains or time to make a switch. > _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
no way. worms would merely lure more users to pay more to microsoft so that she could solve their problems, kind of a "negative" feedback loop. >Let's take a vote. Does anyone think that current users of windows products >(server or browser) will switch because of this latest worm? >I vote no, because if they didn't switch after the last worm, they don't >have the brains or time to make a switch. > _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
On Wednesday 19 September 2001 06:06, Jerry McBride babbled: > Dude... becareful who you show this to... :') this list is full disclosure. and I didn't advocate using it. I simply made my thoughts available. It is a nice trick though... ;) thanks for the warning though. -- Douglas J. Hunley ([EMAIL PROTECTED]) - Linux User #174778 Admin: http://hunley.homeip.net/Admin: http://linux.nf/ Brainbench Linux Administration Certified ~~ Now offering Linux admin services for the home user ~~ "Arthur yawed wildly as his skin tried to jump one way and his skeleton the other, whilst his brain tried to work out which of his ears it most wanted to crawl out of. ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
On Tue, 18 Sep 2001 21:21:40 -0400 "Douglas J. Hunley" <[EMAIL PROTECTED]> wrote: > I am a bit hesitant to post this, but I know others probably feel the way I > do, so... > Doug, Dude... becareful who you show this to... :') You're amongst friends here, no dobt about it... but an idiot from the outside could cause a lot of trouble... That aside, thank you. I printed this one out on the laser printer and will keep it in my personal note book. :') -- ** Registered Linux User Number 185956 http://groups.google.com/groups?hl=en&safe=off&group=linux 5:59pm up 16 days, 5:06, 7 users, load average: 0.00, 0.00, 0.00 ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
On Wed, Sep 19, 2001 at 01:43:01PM -0400, Joel Hammer wrote: >Let's take a vote. Does anyone think that current users of windows products >(server or browser) will switch because of this latest worm? >I vote no, because if they didn't switch after the last worm, they don't >have the brains or time to make a switch. It isn't a matter of brains in most cases, but pure ignorance. There's also the matter of job security for the industry that's grown up to put bandaids on the Microsoft plague >It might be time to think whether or not Microsoft has become a security >risk to the country. This is a question? Windows is a threat to any data accessible to the machine. It costs billions every year in time lost waiting for reboots, and recovering data trashed by Windows and the brain-dead Microsoft applications. Check out the paragraph ``Covert use of Windows Machines'' in an article that I wrote back when the I Love You worm hit: http://www.celestial.com/iloveyou/ This was written a couple of years ago. Since then, Microsoft's own servers have been hit for Windows source code (could that be instrumental in perfecting the latest attacks), their servers have been hit by Code Red, and many U.S. Government sites hit as well. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``Scientists are explorers. Philosophers are tourists.'' -- Richard Feynman ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
On Wednesday 19 September 2001 13:43 pm, Joel Hammer wrote: > Let's take a vote. Does anyone think that current users of windows products > (server or browser) will switch because of this latest worm? > I vote no, because if they didn't switch after the last worm, they don't > have the brains or time to make a switch. I think they're clueless... They don't: 1) Know they really have a problem 2) Know who is responsible for the problem 3) If they knew they had a problem, they wouldn't know how to fix it. If the worse part is, that I am sure a lot of them think of MicroSoft is a hero because it keeps coming to the rescue with 'fixes' for these terrible viruae > It might be time to think whether or not Microsoft has become a security > risk to the country. Now *there* is something really to consider. A very valid point. > Joel > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc > ->http://linux.nf/mailman/listinfo/linux-users -- ++ + Bruce S. Marshall [EMAIL PROTECTED] Bellaire, MI 09/19/01 13:51 + ++ "It is always brave to say what everyone thinks." - Georges Duhamel, French author (1884-1966) ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
Let's take a vote. Does anyone think that current users of windows products (server or browser) will switch because of this latest worm? I vote no, because if they didn't switch after the last worm, they don't have the brains or time to make a switch. It might be time to think whether or not Microsoft has become a security risk to the country. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
If the ISP has a clue they have also closed 81 as most servers answer 81 for admin use. On Tuesday 18 September 2001 21:33, Joel Hammer wrote: > This wouldn't be hard to get around. Just register with a company to get > your own domain name and have them maintain it for you ($35 per year?), > then redirect it to your home IP to port, say 81, with apache listening to > port 81. > Windows users are such a drag. Really. But, they help support the economy > and like, everybody has to be somewhere. > Joel > > > My ISP has baanned port 80 (not good actually) after the first code-red > > worm. They haven't lifted the ban yet. > > ___ > http://linux.nf -- [EMAIL PROTECTED] > Archives, Subscribe, Unsubscribe, Digest, Etc > ->http://linux.nf/mailman/listinfo/linux-users -- Ronnie == Life can be a dream; or it can be a nightmare it's all in your mind ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
This wouldn't be hard to get around. Just register with a company to get your own domain name and have them maintain it for you ($35 per year?), then redirect it to your home IP to port, say 81, with apache listening to port 81. Windows users are such a drag. Really. But, they help support the economy and like, everybody has to be somewhere. Joel > My ISP has baanned port 80 (not good actually) after the first code-red > worm. They haven't lifted the ban yet. > ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
The only pausible reason for linux users to do it is because it's abusing our shared bandwith. I don't have the resources to counter M$ WTC-class terrorists. Get the ISP military. My ISP has baanned port 80 (not good actually) after the first code-red worm. They haven't lifted the ban yet. > >attached is a quick and simple script that in theory (if one would use it for >this purpose, which I'm not advocating) find everyone that has hammered your >Apache site all day, and would connect to their infected IIS server and shut >the server off. > _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
"hmm very interesting.." says the wise man.. I concur, (gettin help on the howto of it hehe), that this is enough, I too would have been hesitant about it(posting) and willr eamin hesitant about the porkers knockin at my door Have a good day gents On Tuesday 18 September 2001 20:21, you wrote: > I am a bit hesitant to post this, but I know others probably feel the way I > do, so... > > attached is a quick and simple script that in theory (if one would use it > for this purpose, which I'm not advocating) find everyone that has hammered > your Apache site all day, and would connect to their infected IIS server > and shut the server off. > > I offer it as a proof-of-concept and/or an intellectual exercise. Don't > blame me when the cops bust down your door... Content-Type: application/x-shellscript; charset="iso-8859-1"; name="fight_worm" Content-Transfer-Encoding: base64 Content-Description: -- Bill Day A.K.A. BadMan RLU#188133 RLM#83358 http://counter.li.org irc.openprojects.net #linux-users MicroShaft is the only company that introduces an OS that is worse than the one it replaces. <---> 8:30pm up 48 days, 10:31, 25 users, load average: 0.15, 0.15, 0.06 ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
Re: fighting the worm (enough of this already)
I fought the worm. Virtually all of my hits were coming from 24.0.0.0/8. So, I just blocked that on my firewall without logging it. Joel ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
