[Dshield] Who's doing what

castu castu at jfkadatc.net
Sat Aug 11 02:35:41 GMT 2001

> Has anyone determined what other organizations
> are taking action against the
> worms, and what those actions are? 

There's really only one solution - and nothing to
talk about. If people running webservers, make
that ANY server with Internet access, would try
and spend a little time perusing security sites
this wouldn't happen as often.

I subscribed to the MS security emails,
microsoft.com/security. If/when a new patch is
released, I check it out and apply it if need be.
I do some consulting on the side and make it a
point to patch their machines also. If it's an
important patch I will apply it at no cost just to
make sure it's been addressed.

> I am not talking about the problem of IIS
> systems being vulnerable, in which
> the solution is to apply the patch from IBM.

Er, you mean MS. Unless IBM is going to send me
$476.59 for applying the patch if I download it
while using Netscape 6.1 from my free AOL dialup
account I received when I bought a book at Amazon.

> The problem I am talking about
> is the problem of adminstrators that do nto
> apply the patch and the systems
> that have been infected as a result.

I know of a person that has NEVER patched a
machine. He's more concerned about uptime than
anything else. And he wonders why he's been broken
into twice.

> short-term solutions are (1)
> using the worm against itself to apply the
> patch

Legally I don't think I'd want to go there.

> (2) members of this group
> emailing the administrators notifiation of the
> problem.

I've done that. I've even called. One person told
me to mind my own business. Funny, he's blocked
now. I'll have to tell his clients that they can't
sent email to use anymore.

> solutions would be (1) revise the standards to
> require that domain name
> information include a mechanism for this type
> of thing 

You can do a whois on internic and get contact
info, but valid addresses aren't required. If the
big registry houses started making full
information mandatory they'd lose a lot of
business to those who could care less.

>(2) establish an
> organization officially responsible for
> notifying system administrators of a
> problem affecting the internet in general

Get started on it, I wouldn't want to even go
anywhere NEAR running something this big.

> establish an official
> procedure responsible for notification of
> system administrators of a problem
> affecting the internet in general.

It's up to the admin to keep his stuff up to date.
Yes, we can blame MS. But it's our job as admins
(if you are an admin) to keep abreast of these

I do all I can. I keep my boxes patched, I let
others know of a problem and email them a
solution. But no one can force any of this down
another's throat.

More information about the list mailing list