CR worm infection attempts

Gary Nichols plug-discuss@lists.PLUG.phoenix.az.us
08 Aug 2001 15:47:06 -0700


<begin dissertation>

Most companies caught with their pants around their ankles always use
the 'legal action' response.  

Nobody likes to admit that they missed something, or fscked up in some
way.  Over the years I've found that admins (especially those responsible
for network security) fall into two categories:

1) They are kick-ass, up-to-date, open to suggestions and make their
employers glad they hired them... not to mention like to spread their
wealth of knowledge around and learn at the same time.  These types
typically get 'lunch on the boss' frequently.  :-)

or

2) They are slow-to-move, generally reactive as opposed to proactive and
tend to belittle anyone who tries to help them with an obvious problem.
Generally these types have large egos and small brains. *grin*  They are
typically the most tech-fluent person in their company, and usually what
they say goes.  God help anyone who wants to 'show them the light' or
interrupt their IRC session/Quake Match.

I have stopped contacting these Code-Red victims for a few reasons.

1) I don't have time to play security cop for these places.
2) I don't want any possible legal action against me for being a good
samaritan.
3) I'm now under the opinion that if you run M$ server software and
don't take the responsibility (or follow up with those that do) to
install security patches for a worm that is broadcast on CNN every
night, you deserve all the trouble you're incurring/causing.

I'll be sleeping in my bed, dreaming of Kernel 3.0 and IPv6.  LOL

<end dissertation>

~ Gary ~


On 08 Aug 2001 13:41:13 -0700, Kim Allen wrote:
> I've been contacting the sites that my server logs show have been
> hitting me with the code red signature and so far no one has bothered to
> respond except for one. However that site has told me how secure they are
> and how there is no way that they have any problems. When I sent them the
> portions of my server logs showing they do have a problem they threatened
> legal action. Has anyone else had this type of response?