CR worm infection attempts

Kevin Brown plug-discuss@lists.PLUG.phoenix.az.us
Wed, 08 Aug 2001 18:17:31 -0700


How about contacting their upstream ISP that is connecting them to the net and
demanding they do something about <IP Address> attacking your systems.  See if
you can get them cut off the net by the possibility of lawsuit for damages and
costs incurred due to their negligence.

> <begin dissertation>
> 
> Most companies caught with their pants around their ankles always use
> the 'legal action' response.
> 
> Nobody likes to admit that they missed something, or fscked up in some
> way.  Over the years I've found that admins (especially those responsible
> for network security) fall into two categories:
> 
> 1) They are kick-ass, up-to-date, open to suggestions and make their
> employers glad they hired them... not to mention like to spread their
> wealth of knowledge around and learn at the same time.  These types
> typically get 'lunch on the boss' frequently.  :-)
> 
> or
> 
> 2) They are slow-to-move, generally reactive as opposed to proactive and
> tend to belittle anyone who tries to help them with an obvious problem.
> Generally these types have large egos and small brains. *grin*  They are
> typically the most tech-fluent person in their company, and usually what
> they say goes.  God help anyone who wants to 'show them the light' or
> interrupt their IRC session/Quake Match.
> 
> I have stopped contacting these Code-Red victims for a few reasons.
> 
> 1) I don't have time to play security cop for these places.
> 2) I don't want any possible legal action against me for being a good
> samaritan.
> 3) I'm now under the opinion that if you run M$ server software and
> don't take the responsibility (or follow up with those that do) to
> install security patches for a worm that is broadcast on CNN every
> night, you deserve all the trouble you're incurring/causing.
> 
> I'll be sleeping in my bed, dreaming of Kernel 3.0 and IPv6.  LOL
> 
> <end dissertation>
> 
> ~ Gary ~
> 
> On 08 Aug 2001 13:41:13 -0700, Kim Allen wrote:
> > I've been contacting the sites that my server logs show have been
> > hitting me with the Code Red signature, and so far no one has bothered to
> > respond except for one. However, that site has told me how secure they are
> > and how there is no way that they have any problems. When I sent them the
> > portions of my server logs showing they do have a problem, they threatened
> > legal action. Has anyone else had this type of response?