[unisog] Handling Code Red & Future Worms

Steve Bernard sbernard at gmu.edu
Mon Aug 6 19:43:37 GMT 2001

There are plenty of people out there who load services without being trained
administrators. I literally just returned from shutting down a server that
was brought up by our internal Support Services group within the last hour.
Although the user knew about the CodeRed worm they didn't think that they
would be infected in the short time that it took to go to the Microsoft site
and download the patch. Like a lot of others, they were also caught off
guard by the fact that IIS in installed by default, they weren't aware that
they were running a web server. We should count ourselves lucky that the
fall semester hasn't started otherwise it would be worse.



-----Original Message-----
From: Paul L Schmehl [mailto:pauls at utdallas.edu]
Sent: Monday, August 06, 2001 3:06 PM
To: Jose Nazario; E. Larry Lidz
Cc: unisog at sans.org
Subject: Re: [unisog] Handling Code Red & Future Worms

Comments inline.

--On Monday, August 06, 2001 2:26 PM -0400 Jose Nazario
<jose at biocserver.BIOC.cwru.edu> wrote:

> On Mon, 6 Aug 2001, E. Larry Lidz wrote:
> you do have a 'no unauthorized servers' clause in your AUP, right? and who
> in their dead brain loads up an IIS server on a weekend like this? break
> out the LART, someone needs a lesson.

That's easy.  TAs, RAs and profs.

Paul L. Schmehl, pauls at utdallas.edu
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member

More information about the unisog mailing list