CR worm infection attempts

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Kevin Brown
Date:  
Subject: CR worm infection attempts
How about contacting their upstream ISP that is connecting them to the net and
demanding they do something about <IP Address> attacking your systems. See if
you can get them cut off the net by the possibility of lawsuit for damages and
costs incurred to to their negligence.

> <begin dissertation>
>
> Most companies caught with their pants around their ankles always use
> the 'legal action' response.
>
> Nobody likes to admit that they missed something, or fscked up in some
> way. Over the years I've found that admins (especially those reponsible
> for network security) fall into two categories:
>
> 1) They are kick-ass, up-to-date, open to suggestions and make their
> employers glad they hired them... not to mention like to spread their
> wealth of knowledge around and learn at the same time. These types
> typically get 'lunch on the boss' frequently. :-)
>
> or
>
> 2) They are slow-to-move, generally reactive as opposed to proactive and
> tend to belittle anyone who tries to help them with an obvious problem.
> Generally these types have large egos and small brains. *grin* They are
> typically the most tech-fluent person in their comapny, and usually what
> they say goes. God help anyone who wants to 'show them the light' or
> interrupt their IRC session/Quake Match.
>
> I have stopped contacting these Code-Red victims for a for reasons.
>
> 1) I don't have time to play security cop for these places.
> 2) I don't want any possible legal action against me for being a good
> samaritan.
> 3) I'm now under the opinion that if you run M$ server software and
> don't take the responsibility (or follow up with those that do) to
> install security patches for a worm that is broadcast on CNN every
> night, you deserve all the trouble you're incurring/causing.
>
> I'll be sleeping in my bed, dreaming of Kernel 3.0 and IPv6. LOL
>
> <end dissertation>
>
> ~ Gary ~
>
> On 08 Aug 2001 13:41:13 -0700, Kim Allen wrote:
> > I've been contacting the sites that my server logs shows that have been
> > hitting me with the code red signature and so far no one has bothered to
> > respond except for one. However that site has told me how secure they are
> > and how there is no way that they have any problems. When I sent them the
> > portions of my server logs showing they do have problem they threaten
> > legal action. Anyone else have had this type of response?