Re: microsoft.com
*** ns2.nv.cox.net can't find www.windowsupdate.com: Non-existent host/domain Some news outlets are reporting this is actually Microsoft's plan, Sure it was, and it's probably the best thing MS could have done (for themselves AND the larger Internet) given the circumstances. After all, infected systems aren't going to stop scanning and DOS attacks from a huge number of compromised hosts targeting windowsupdate.com IPs is simply going to result in increased network utilization for a bunch of garbage traffic that'll either be dropped as a result of congestion on some networks, blackholed on others (from the folks that care no more about MS being DOS attacked then the next guy, but do care about their networks availability and the Internet in general), or hit some severely crippled server(s). MS has bugs, sure, and there's probably no excuse for lots of them. However, it could have been linux or any other OS. Folks give MS a hard time for the same reason they give Cisco a hard time -- because their products are nearly ubiquitous. I'm not going to dive into some huge rant here (others have articulated this point nicely already), some folks are much more passionate than I about the issue and I don't care to spend the cycles arguing something I care little about. MS isn't going away any time soon, like it or not, and the only way problems of this sort (that have been disclosed) are going to be cleanly resolved is by end users patching their systems. -danny PS: If folks are going to rant about MS products being horrible they might want to consider using non-MS products and posting to NANOG from non-MS mail clients/systems *8^).
Re: microsoft.com
On Fri, 15 Aug 2003 17:46:56 PDT, Avleen Vig said: > To the point where it doesn't hurt my network, hurt other people, or > cause me an increase in costs, I won't be going out of my way to defend > MS. Frankly, it might be the only way they'll learn. > Imaging the havok if every Windows virus tried to attack MS. Well, the majority of the recent worms have gotten loose on MS's corporate net and caused enough disruption to make the news, and there was the time that windowsupdate.microsoft.com got nailed by CodeRed... Oh.. wait.. you meant *intentionally* tried to attack pgp0.pgp Description: PGP signature
Re: microsoft.com
On Fri, Aug 15, 2003 at 06:40:49PM -0500, Jack Bates wrote: > I'm sure Microsoft is aware that many networks are severly pissed off > about the extra overhead they are enduring because of this worm. I think > my helpdesk said, "Fry 'em." While we'll continue monitoring and > cleaning up systems scanning for infections, the DOS side of the worm > and variants is rather tame and will be allowed through so long as it > meets standard egress/ingress policy. I just can't see a bunch of > already employee starved networks devoting more resources just to save > Microsoft from their own vulnerability. Having dealt with many very annoying vulnerabilities in the past like this (The numerous CodeRed varients/Nimda, Slammer, this), I'm fed up of it. To the point where it doesn't hurt my network, hurt other people, or cause me an increase in costs, I won't be going out of my way to defend MS. Frankly, it might be the only way they'll learn. Imaging the havok if every Windows virus tried to attack MS. -- Avleen Vig Systems Administrator Personal: www.silverwraith.com
Re: microsoft.com
Crist Clark wrote: Some news outlets are reporting this is actually Microsoft's plan, http://zdnet.com.com/2100-1105_2-5064433.html I'm sure Microsoft is aware that many networks are severly pissed off about the extra overhead they are enduring because of this worm. I think my helpdesk said, "Fry 'em." While we'll continue monitoring and cleaning up systems scanning for infections, the DOS side of the worm and variants is rather tame and will be allowed through so long as it meets standard egress/ingress policy. I just can't see a bunch of already employee starved networks devoting more resources just to save Microsoft from their own vulnerability. -Jack
Re: microsoft.com
"Gregory (Grisha) Trubetskoy" wrote: > > nslookup www.windowsupdate.com > Server: ns2.nv.cox.net > Address: 68.100.16.25 > > *** ns2.nv.cox.net can't find www.windowsupdate.com: Non-existent host/domain Some news outlets are reporting this is actually Microsoft's plan, http://zdnet.com.com/2100-1105_2-5064433.html [sinp] > > > -Original Message- > > > From: Bryan Heitman [mailto:[EMAIL PROTECTED] > > > Sent: Friday, August 15, 2003 8:48 AM > > > To: [EMAIL PROTECTED] > > > Subject: microsoft.com > > > > > > > > > > > > Several networks I have talked to are reporting they can't get to > > > www.microsoft.com > > > > > > Has the virus began? anyone? There apparently was an unrelated DDoS attack on www.microsoft.com, http://www.infoworld.com/article/03/08/15/HNmsfalls_1.html -- Crist J. Clark [EMAIL PROTECTED] Globalstar Communications(408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED]
RE: microsoft.com
nslookup www.windowsupdate.com Server: ns2.nv.cox.net Address: 68.100.16.25 *** ns2.nv.cox.net can't find www.windowsupdate.com: Non-existent host/domain Grisha On Fri, 15 Aug 2003, Jason Baugher wrote: > > Actually faster than usual here, probably due to akamai: > > Non-authoritative answer: > www.windowsupdate.com canonical name = > windowsupdate.microsoft.nsatc.net. > windowsupdate.microsoft.nsatc.net canonical name = > windowsupdate.microsoft.com.edgesuite.net. > windowsupdate.microsoft.com.edgesuite.net canonical name = > a822.cd.akamai.net. > Name: a822.cd.akamai.net > Address: 166.90.148.198 > Name: a822.cd.akamai.net > Address: 166.90.148.199 > Name: a822.cd.akamai.net > Address: 166.90.148.215 > Name: a822.cd.akamai.net > Address: 166.90.148.233 > Name: a822.cd.akamai.net > Address: 166.90.148.246 > Name: a822.cd.akamai.net > Address: 166.90.148.247 > > Jason Baugher > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Friday, August 15, 2003 8:46 AM > To: Huopio Kauto > Cc: '[EMAIL PROTECTED]' > Subject: RE: microsoft.com > > > > > Yeah: > > 7 sl-gw29-nyc-0-0.sprintlink.net (144.232.13.16) 8.728 ms 8.674 ms > 8 sl-ft-10-0.sprintlink.net (144.232.171.90) 12.338 ms 11.911 ms 9 > P13-0.NYKCR2.New-york.opentransit.net (193.251.241.30) 37.556 ms 10 > P2-0.NYKBB5.New-york.opentransit.net (193.251.241.230) 12.385 ms 11 > 81.52.249.16 (81.52.249.16) 13.164 ms 19.364 ms 12.446 ms > > Interestingly, there's no reverse dns for 81.52.249.16 and it shows as > being RIPE space...allocated to Akamai...do you suppose this is to > minimize embarassment to MS that they would have to use Akamai? > > On Fri, 15 Aug 2003, Huopio Kauto wrote: > > > > > It seems that Microsoft is Akamai'zing as we speak.. > > > > --Kauto > > > > Kauto Huopio - [EMAIL PROTECTED] > > Information Security Adviser / CERT-FI -coordinator > > Finnish Communications Regulatory Authority / CERT-FI > > tel. +358-9-6966772, fax. +358-9-6966515 > > CERT-FI duty desk +358-9-6966510 / http://www.cert.fi > > > > > > -Original Message- > > From: Bryan Heitman [mailto:[EMAIL PROTECTED] > > Sent: Friday, August 15, 2003 8:48 AM > > To: [EMAIL PROTECTED] > > Subject: microsoft.com > > > > > > > > Several networks I have talked to are reporting they can't get to > > www.microsoft.com > > > > Has the virus began? anyone? > > > > > > Bryan > > > > James Smallacombe PlantageNet, Inc. CEO and Janitor > [EMAIL PROTECTED] http://3.am > > = > >
RE: microsoft.com
Actually faster than usual here, probably due to akamai: Non-authoritative answer: www.windowsupdate.com canonical name = windowsupdate.microsoft.nsatc.net. windowsupdate.microsoft.nsatc.net canonical name = windowsupdate.microsoft.com.edgesuite.net. windowsupdate.microsoft.com.edgesuite.net canonical name = a822.cd.akamai.net. Name: a822.cd.akamai.net Address: 166.90.148.198 Name: a822.cd.akamai.net Address: 166.90.148.199 Name: a822.cd.akamai.net Address: 166.90.148.215 Name: a822.cd.akamai.net Address: 166.90.148.233 Name: a822.cd.akamai.net Address: 166.90.148.246 Name: a822.cd.akamai.net Address: 166.90.148.247 Jason Baugher -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 8:46 AM To: Huopio Kauto Cc: '[EMAIL PROTECTED]' Subject: RE: microsoft.com Yeah: 7 sl-gw29-nyc-0-0.sprintlink.net (144.232.13.16) 8.728 ms 8.674 ms 8 sl-ft-10-0.sprintlink.net (144.232.171.90) 12.338 ms 11.911 ms 9 P13-0.NYKCR2.New-york.opentransit.net (193.251.241.30) 37.556 ms 10 P2-0.NYKBB5.New-york.opentransit.net (193.251.241.230) 12.385 ms 11 81.52.249.16 (81.52.249.16) 13.164 ms 19.364 ms 12.446 ms Interestingly, there's no reverse dns for 81.52.249.16 and it shows as being RIPE space...allocated to Akamai...do you suppose this is to minimize embarassment to MS that they would have to use Akamai? On Fri, 15 Aug 2003, Huopio Kauto wrote: > > It seems that Microsoft is Akamai'zing as we speak.. > > --Kauto > > Kauto Huopio - [EMAIL PROTECTED] > Information Security Adviser / CERT-FI -coordinator > Finnish Communications Regulatory Authority / CERT-FI > tel. +358-9-6966772, fax. +358-9-6966515 > CERT-FI duty desk +358-9-6966510 / http://www.cert.fi > > > -Original Message- > From: Bryan Heitman [mailto:[EMAIL PROTECTED] > Sent: Friday, August 15, 2003 8:48 AM > To: [EMAIL PROTECTED] > Subject: microsoft.com > > > > Several networks I have talked to are reporting they can't get to > www.microsoft.com > > Has the virus began? anyone? > > > Bryan > James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am =
RE: microsoft.com - what happens when there is no DNS record
Our assessment of worm's behavior is below:
If windowsupdate.com fails to resolve, it will return a -1, which is not
interpreted because this routine has no error checking. The worm then
attempts to send its SYN packets to 255.255.255.255, which may have done
some interesting things, but it looks like the Windows raw socket
implementation won't let that packet out. So basically, nothing
happens.
There might be some issues with cached DNS, but besides that it looks
like the majority of the infections won't be doing much of anything
besides eating CPU cycles on the infected hosts.
Regards,
===
Daniel Ingevaldson
Engineering Manager, X-Force R&D
[EMAIL PROTECTED]
404-236-3160
Internet Security Systems, Inc.
The Power to Protect
http://www.iss.net
===
-Original Message-
From: McBurnett, Jim [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 10:26 AM
To: [EMAIL PROTECTED]; Robbie Foust
Cc: Bryan Heitman; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Chris Horry
Subject: RE: microsoft.com
good here thru AT&T and Broadwing..
Jim
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 10:16 AM
To: Robbie Foust
Cc: Bryan Heitman; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Chris Horry
Subject: Re: microsoft.com
No problems here, UUNET out of DC
Robbie Foust
<[EMAIL PROTECTED]>To: Chris Horry
<[EMAIL PROTECTED]>
Sent by: cc: Bryan Heitman
<[EMAIL PROTECTED]>, [EMAIL PROTECTED]
[EMAIL PROTECTED]Subject: Re:
microsoft.com
.edu
08/15/2003 10:04
AM
I've had no problem getting to Microsoft's site(s) today...I'm in the
southeastern US if it makes a difference.
- Robbie
Chris Horry wrote:
>
> Bryan Heitman wrote:
>
>> Several networks I have talked to are reporting they can't get to
>> www.microsoft.com
>>
>> Has the virus began? anyone?
>
>
> Yep, remember it's already August 16th in some parts of the world.
> Unable to get to www.microsoft.com at 0958 EDT.
>
> Chris
>
--
Robbie Foust, IT Analyst
Systems and Core Services
Duke University
RE: microsoft.com
good here thru AT&T and Broadwing.. Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 10:16 AM To: Robbie Foust Cc: Bryan Heitman; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Chris Horry Subject: Re: microsoft.com No problems here, UUNET out of DC Robbie Foust <[EMAIL PROTECTED]>To: Chris Horry <[EMAIL PROTECTED]> Sent by: cc: Bryan Heitman <[EMAIL PROTECTED]>, [EMAIL PROTECTED] [EMAIL PROTECTED]Subject: Re: microsoft.com .edu 08/15/2003 10:04 AM I've had no problem getting to Microsoft's site(s) today...I'm in the southeastern US if it makes a difference. - Robbie Chris Horry wrote: > > Bryan Heitman wrote: > >> Several networks I have talked to are reporting they can't get to >> www.microsoft.com >> >> Has the virus began? anyone? > > > Yep, remember it's already August 16th in some parts of the world. > Unable to get to www.microsoft.com at 0958 EDT. > > Chris > -- Robbie Foust, IT Analyst Systems and Core Services Duke University
RE: microsoft.com
> Bryan Heitman wrote: > >> Several networks I have talked to are reporting they can't get to >> www.microsoft.com >> >> Has the virus began? anyone? > > > Yep, remember it's already August 16th in some parts of the world. > Unable to get to www.microsoft.com at 0958 EDT. > Northeastern US. No problems reaching it here. ATT & Qwest are ISPs. Learn more about Paymentech's payment processing services at www.paymentech.com THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer.
Re: microsoft.com
No problems here, UUNET out of DC Robbie Foust <[EMAIL PROTECTED]>To: Chris Horry <[EMAIL PROTECTED]> Sent by: cc: Bryan Heitman <[EMAIL PROTECTED]>, [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: microsoft.com .edu 08/15/2003 10:04 AM I've had no problem getting to Microsoft's site(s) today...I'm in the southeastern US if it makes a difference. - Robbie Chris Horry wrote: > > Bryan Heitman wrote: > >> Several networks I have talked to are reporting they can't get to >> www.microsoft.com >> >> Has the virus began? anyone? > > > Yep, remember it's already August 16th in some parts of the world. > Unable to get to www.microsoft.com at 0958 EDT. > > Chris > -- Robbie Foust, IT Analyst Systems and Core Services Duke University
RE: microsoft.com
Windowsupdate does seem a bit slow. The drones are marching. -Original Message- From: Robbie Foust [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 9:04 AM To: Chris Horry Cc: Bryan Heitman; [EMAIL PROTECTED] Subject: Re: microsoft.com I've had no problem getting to Microsoft's site(s) today...I'm in the southeastern US if it makes a difference. - Robbie Chris Horry wrote: > > Bryan Heitman wrote: > >> Several networks I have talked to are reporting they can't get to >> www.microsoft.com >> >> Has the virus began? anyone? > > > Yep, remember it's already August 16th in some parts of the world. > Unable to get to www.microsoft.com at 0958 EDT. > > Chris > -- Robbie Foust, IT Analyst Systems and Core Services Duke University
RE: microsoft.com
Chris Hobby wrote: > Bryan Heitman wrote: > > Several networks I have talked to are reporting they can't get to > > www.microsoft.com > > > > Has the virus began? anyone? > > Yep, remember it's already August 16th in some parts of the world. > Unable to get to www.microsoft.com at 0958 EDT. > Not for me. It's as responsive as ever here. Mind you the A record has ceased for windowsupdate.com. Looks like a good nights slee, I hope, at least for us in Australia. Bruce
Re: microsoft.com
I've had no problem getting to Microsoft's site(s) today...I'm in the southeastern US if it makes a difference. - Robbie Chris Horry wrote: Bryan Heitman wrote: Several networks I have talked to are reporting they can't get to www.microsoft.com Has the virus began? anyone? Yep, remember it's already August 16th in some parts of the world. Unable to get to www.microsoft.com at 0958 EDT. Chris -- Robbie Foust, IT Analyst Systems and Core Services Duke University
Re: microsoft.com
Bryan Heitman wrote: Several networks I have talked to are reporting they can't get to www.microsoft.com Has the virus began? anyone? Yep, remember it's already August 16th in some parts of the world. Unable to get to www.microsoft.com at 0958 EDT. Chris -- Chris Horry "Don't submit to stupid rules, [EMAIL PROTECTED] Be yourself and not a fool. PGP: DSA/2B4C654E Don't accept average habits, Amateur Radio: KG4TSM Open your heart and push the limits."
RE: microsoft.com
Yeah: 7 sl-gw29-nyc-0-0.sprintlink.net (144.232.13.16) 8.728 ms 8.674 ms 8 sl-ft-10-0.sprintlink.net (144.232.171.90) 12.338 ms 11.911 ms 9 P13-0.NYKCR2.New-york.opentransit.net (193.251.241.30) 37.556 ms 10 P2-0.NYKBB5.New-york.opentransit.net (193.251.241.230) 12.385 ms 11 81.52.249.16 (81.52.249.16) 13.164 ms 19.364 ms 12.446 ms Interestingly, there's no reverse dns for 81.52.249.16 and it shows as being RIPE space...allocated to Akamai...do you suppose this is to minimize embarassment to MS that they would have to use Akamai? On Fri, 15 Aug 2003, Huopio Kauto wrote: > > It seems that Microsoft is Akamai'zing as we speak.. > > --Kauto > > Kauto Huopio - [EMAIL PROTECTED] > Information Security Adviser / CERT-FI -coordinator > Finnish Communications Regulatory Authority / CERT-FI > tel. +358-9-6966772, fax. +358-9-6966515 > CERT-FI duty desk +358-9-6966510 / http://www.cert.fi > > > -Original Message- > From: Bryan Heitman [mailto:[EMAIL PROTECTED] > Sent: Friday, August 15, 2003 8:48 AM > To: [EMAIL PROTECTED] > Subject: microsoft.com > > > > Several networks I have talked to are reporting they can't get to > www.microsoft.com > > Has the virus began? anyone? > > > Bryan > James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am =
RE: microsoft.com
It seems that Microsoft is Akamai'zing as we speak.. --Kauto Kauto Huopio - [EMAIL PROTECTED] Information Security Adviser / CERT-FI -coordinator Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 / http://www.cert.fi -Original Message- From: Bryan Heitman [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: microsoft.com Several networks I have talked to are reporting they can't get to www.microsoft.com Has the virus began? anyone? Bryan
Re: microsoft.com
Affirmative Bryan, I am unable to reach www.microsoft.com , nor getting response for my ping requests. I think virus is up, oh well I don't know what to say, or shall we say, Rest in Peace? Mehmet Akcin - Original Message - From: "Bryan Heitman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 15, 2003 1:47 AM Subject: microsoft.com > > Several networks I have talked to are reporting they can't get to > www.microsoft.com > > Has the virus began? anyone? > > > Bryan >
RE: Microsoft.com attack?
On Fri, 2003-08-01 at 22:16, Matt Ploessel wrote: > http://www.microsoft.com/homepage/features/2003/denialofservice.htm Cool... thanks for the info... Hopefully I'll be able to gather any information I can from our infected machine here and forward it on to the proper authorities... Anyone got a contact for the "good guys" ?? :) Thanks! -- --- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering [EMAIL PROTECTED] RedHat Certified - RHCE # 807302349405893 MySQL Core Certified - ID# 205982910 --- "Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
Re: Microsoft.com attack?
I wouldn't put it past Microsoft to make a patch so poorly written, it would actually cause all patched machines to attack the mothership. :-) Adam Maloney wrote: > Yeah, seeing the same here - it's been flaky for us for the last 30 > minutes while we've been trying it. > > I wonder if it's related to this messages.zip / admin@ thing that's all > over the place today. > > I was just thinking the other day, wouldn't it be funny if there was a > worm that had infected machines attack windowsupdate.microsoft.com so you > couldn't patch? :) I haven't confirmed that this is the problem, but it > seems likely. > > Adam Maloney > Systems Administrator > Sihope Communications > > On Fri, 1 Aug 2003, Jason Frisvold wrote: > > > Anyone aware of an attack on www.microsoft.com? I had a customer > > machine that was attacking it, looks like either a bug in Microsoft's > > SP4 (coincidentally this started the day after this was installed) or > > there's some new(?) worm of some sort causing this ?? > > > > Thanks! > > > > -- > > --- > > Jason H. Frisvold > > Backbone Engineering Supervisor > > Penteledata Engineering > > [EMAIL PROTECTED] > > RedHat Engineer - RHCE # 807302349405893 > > Cisco Certified - CCNA # CSCO10151622 > > MySQL Core Certified - ID# 205982910 > > --- > > "Imagination is more important than knowledge. > > Knowledge is limited. Imagination encircles > > the world." > > -- Albert Einstein [1879-1955] > >
RE: Microsoft.com attack?
defcon? -Original Message- From: Adam Maloney [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 2:05 PM To: Jason Frisvold Cc: [EMAIL PROTECTED] Subject: Re: Microsoft.com attack? Yeah, seeing the same here - it's been flaky for us for the last 30 minutes while we've been trying it. I wonder if it's related to this messages.zip / admin@ thing that's all over the place today. I was just thinking the other day, wouldn't it be funny if there was a worm that had infected machines attack windowsupdate.microsoft.com so you couldn't patch? :) I haven't confirmed that this is the problem, but it seems likely. Adam Maloney Systems Administrator Sihope Communications On Fri, 1 Aug 2003, Jason Frisvold wrote: > Anyone aware of an attack on www.microsoft.com? I had a customer > machine that was attacking it, looks like either a bug in Microsoft's > SP4 (coincidentally this started the day after this was installed) or > there's some new(?) worm of some sort causing this ?? > > Thanks! > > -- > --- > Jason H. Frisvold > Backbone Engineering Supervisor > Penteledata Engineering > [EMAIL PROTECTED] > RedHat Engineer - RHCE # 807302349405893 > Cisco Certified - CCNA # CSCO10151622 > MySQL Core Certified - ID# 205982910 > --- > "Imagination is more important than knowledge. > Knowledge is limited. Imagination encircles > the world." > -- Albert Einstein [1879-1955] >
Re: Microsoft.com attack?
Yeah, seeing the same here - it's been flaky for us for the last 30 minutes while we've been trying it. I wonder if it's related to this messages.zip / admin@ thing that's all over the place today. I was just thinking the other day, wouldn't it be funny if there was a worm that had infected machines attack windowsupdate.microsoft.com so you couldn't patch? :) I haven't confirmed that this is the problem, but it seems likely. Adam Maloney Systems Administrator Sihope Communications On Fri, 1 Aug 2003, Jason Frisvold wrote: > Anyone aware of an attack on www.microsoft.com? I had a customer > machine that was attacking it, looks like either a bug in Microsoft's > SP4 (coincidentally this started the day after this was installed) or > there's some new(?) worm of some sort causing this ?? > > Thanks! > > -- > --- > Jason H. Frisvold > Backbone Engineering Supervisor > Penteledata Engineering > [EMAIL PROTECTED] > RedHat Engineer - RHCE # 807302349405893 > Cisco Certified - CCNA # CSCO10151622 > MySQL Core Certified - ID# 205982910 > --- > "Imagination is more important than knowledge. > Knowledge is limited. Imagination encircles > the world." > -- Albert Einstein [1879-1955] >
