What would be even more interesting would be a script that causes their servers to download and execute the patch file! -JMS [EMAIL PROTECTED] |-----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED]] On Behalf Of Craig Sprout |Sent: Monday, September 03, 2001 5:52 PM |To: Mandrake Expert |Subject: RE: [expert] The CodeRed -- BZZZT! it does not work | | |On Tue, 4 Sep 2001, Franki wrote: | |> They may not know that they have been compromised, and unless |> something happens to let them know, it will probably stay that way. |> (if they kept in touch with their servers via logs and stuff, they |> would know... but if they were that type of sysadmin, they would |> probably have patched their server before they got compromised.) | |Chances are, they *don't* know that they are infected. CR |hits on my @home cable segment are outnumbering my T1 by a |factor of 10. I have now way of knowing if this is typical, |but from I am hearing from other sysadmins, they are reporting |similar results. | |> Taking that into account, consider that if their server shutdown a |> couple of times for no apparent reason, it may cause them to |actually |> check into why it is happening... | |They probably don't even notice. | |> Also, that code doesn't do anything but shut the server down,,, its |> the least of possible things that could be done.... | |I know! And, as the original poster just wrote, that one |doesn't work, so he thinks, hmmmm...maybe, if I use the |root.exe command shell, and copy his quicken data to the |webserver, I can figure out a different way to get his |attention. It's a slippery slope. | |> They are stealing our bandwidth through their ineptitude,, they |> deserve what they get... | |No, they deserve to be educated. | |> It should be made clear to corporations that Sysadmin is not just |> loading win98 and office onto networked workstations, its a |full time |> job setting up, maintaining/upgrading and monitoring a network,, |> people that plug a server in, set it up, and don't touch it again |> until it needs upgrading need to be shown the error of their ways... | |That's all well and good, but you don't what ripple effects |your little stunt will have. Are you willing to take |responsibility for any losses that are incurred? | |> I have tried to convince my co workers, that they are not nearly |> paranoid enough and that if I wasn't part of the company it |would take |> me very little time to compromise root on nearly all the |servers not |> under my care... | |And, if they're like my co-workers, they are in awe of your |geekiness, and it goes in one ear and out the other. :) | |> Think about it, if every server running apache (over 60% of the net) |> put this patch up... code red II would be dead by |tomorrow.... and as |> a side benefit, a good many servers running microsoft IIS on the net |> would be shutdown... :-) | |I'll agree with you in principle, if not in method. :) | |> Stuff like this will always happen as long as companies put |guys in IT |> positions because they have proved they can install win95/98..... | |Yes, it will. However, I think that with all the displaced |tech workers, these folks are going to go the way of the dodo. | |> It makes us all look bad... | |I disagree. When my boss asked if it was going to cause us |any problems, I said, "Nope, not a problem at all. Here's why..." | |It made me look very good. :) | |+---------------------------------------------------------------+ || Craig Sprout | "Never ascribe to malice that | || Billings, MT | which is adequately explained | || http://www.mtsprouts.net | by incompetence." -Napoleon | |+---------------------------------------------------------------+ | | | | |
BEGIN:VCARD VERSION:2.1 N:Sanchez;Jose;M FN:Jose M Sanchez ([EMAIL PROTECTED]) ORG:Net Results, Inc.;Lan Support TITLE:Lan Support TEL;WORK;VOICE:301-972-8271 TEL;HOME;VOICE:301-972-8507 TEL;CELL;VOICE:301-502-0151 TEL;WORK;FAX:301-349-2201 TEL;HOME;FAX:301-349-2201 ADR;WORK:;301-972-8271;17206 Spates Hill Road;Poolesville;Maryland;20837;United States LABEL;WORK;ENCODING=QUOTED-PRINTABLE:301-972-8271=0D=0A17206 Spates Hill Road=0D=0APoolesville, Maryland 20837= =0D=0AUnited States ADR;HOME:;;17206 Spates Hill Road;Poolesville;Maryland;20837;United States LABEL;HOME;ENCODING=QUOTED-PRINTABLE:17206 Spates Hill Road=0D=0APoolesville, Maryland 20837=0D=0AUnited States URL: URL:http://opjose.homeip.net EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20010825T134515Z END:VCARD
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
