[Dshield] Who's doing what

Samuel Samuel at socal.rr.com
Fri Aug 10 21:28:09 GMT 2001

Has anyone determined what other organizations are taking action against the
worms, and what those actions are? There is a lot of discussion within this
mailing list of what to do but I think it would be better to work with as
many other organizations as possible and to include them and be included
with them in discussions of what to do. I agree that it would be better to
develop more long-term solutions whenever possible.

I think that with more long-term solutions developed in cooperation with
other organizations, especially standards and enforcement organizations, if
there is cooperation from internet users is needed, then the media could be
used very effectively. If the potential damage could be explained
dramatically and if actual solutions could be provided clearly, then they
will likely bombard everyone with the information enough to satisfy everyone
in this group at least.

I am not talking about the problem of IIS systems being vulnerable, in which
the solution is to apply the patch from IBM. The problem I am talking about
is the problem of adminstrators that do nto apply the patch and the systems
that have been infected as a result. Sample short-term solutions are (1)
using the worm against itself to apply the patch (2) members of this group
emailing the administrators notifiation of the problem. Sample long-term
solutions would be (1) revise the standards to require that domain name
information include a mechanism for this type of thing (2) establish an
organization officially responsible for notifying system administrators of a
problem affecting the internet in general (3) establish an official
procedure responsible for notification of system administrators of a problem
affecting the internet in general.

More information about the list mailing list