I beg to differ here... The people effected by code red are not competent sysadmins,,, IE, they would I imagine, know that they have winNT or 2000 running on there server, (at least I hope they do) and they know that microsoft release heaps of patches to fix holes that are all through MS server software.. We know that the patch to stop Code Red has been around for bloody ages now... We know that if their server is broadcasting it, that they didn't patch it. We also know that their server is lookin around to infect other servers... so its actively making the problem worse.. They may not know that they have been compromised, and unless something happens to let them know, it will probably stay that way. (if they kept in touch with their servers via logs and stuff, they would know... but if they were that type of sysadmin, they would probably have patched their server before they got compromised.) Taking that into account, consider that if their server shutdown a couple of times for no apparent reason, it may cause them to actually check into why it is happening... Also, that code doesn't do anything but shut the server down,,, its the least of possible things that could be done.... They are stealing our bandwidth through their ineptitude,, they deserve what they get... We have a few NT and 2000 servers, and all of them have been patched for this long ago... Its the responsible thing to do. It should be made clear to corporations that Sysadmin is not just loading win98 and office onto networked workstations, its a full time job setting up, maintaining/upgrading and monitoring a network,, people that plug a server in, set it up, and don't touch it again until it needs upgrading need to be shown the error of their ways... I have tried to convince my co workers, that they are not nearly paranoid enough and that if I wasn't part of the company it would take me very little time to compromise root on nearly all the servers not under my care... IE, Rule number 1 of sysadmin,, keep your software up to date... and watch the security sites for compromises. For those who are irresponsible enough to not do that,, serves them right.. I mean, how long has Code red 1 and 2 been in the news now? If they still haven't patched their server chances are they are not going to... Think about it, if every server running apache (over 60% of the net) put this patch up... code red II would be dead by tomorrow.... and as a side benefit, a good many servers running microsoft IIS on the net would be shutdown... :-) Stuff like this will always happen as long as companies put guys in IT positions because they have proved they can install win95/98..... It makes us all look bad... rgds Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Sprout Sent: Tuesday, 4 September 2001 3:45 AM To: Mandrake Expert Subject: Re: [expert] The CodeRed -- BZZZT! it does not work On Mon, 3 Sep 2001, Expert wrote: > I hate to be the bringer of bad news, but this 'script' > does not work. > > I am still being hit by servers by the same ip address, > so it did not really shut them down. > > Oh well, nice to wish. I may be the lone voice of dissension here, but I'm glad that it didn't work. I know that the intent is good, but let's put this in a different context. What if J. Random Stranger decided to fix your car, because he heard it knocking? You peek outside to see him replace the hood, and carry on. You stop him and say, "What did you just do?" "Oh, don't worry, I'm a mechanic. I just adjusted your idle. It was running fast." Or, even better, suppose I notice that you haven't patched your foo-httpd package, so I get root on your box, and patch the hole. But, just to be a nice guy so I can help you out if you are in trouble again, I leave myself a nice back door. Believe me, I am as annoyed with Code Red as anyone, but this just isn't the Right Way to handle it, IMO. +---------------------------------------------------------------+ | Craig Sprout | "Never ascribe to malice that | | Billings, MT | which is adequately explained | | http://www.mtsprouts.net | by incompetence." -Napoleon | +---------------------------------------------------------------+
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
