[Dshield] Who's doing what

John Groseclose iain at caradoc.org
Sat Aug 11 18:53:37 GMT 2001


At 11:06 AM -0700 8/11/01, Samuel wrote:
>Microsoft has "Windows Update" which will apply "Critical Updates" nearly
>automatically.

This is assuming that the "end user" will ever click on it.

There are too many people on the 'net right now with absolutely no 
clue that they're running services on their machines. They don't know 
that Win2K Server automatically starts IIS. They don't know that 
Microsoft's default installations of most MS OS's include things like 
SMTP servers, web servers, et cetera ad nauseam.

I'm beginning to think that the solution is to simply disconnect any 
server that continues to show signs of infection. When the person 
calls their ISP to find out what's going on, they can be "educated."

I'm simply astounded that so many of these machines respond to port 
25 requests, but have *no* "postmaster" accounts, in plain violation 
of RFCs. The only blame for *that* can be laid directly on Microsoft 
for ignoring consensus.
-- 
John Groseclose
iain at caradoc.org




More information about the list mailing list