North American Network Operators Group

RE: Worms versus Bots
True, but this isn't just an XP issue. Look at how many ppl are still
infected with Code Red/Nimda/Slammer/etc. A Windows 2000 box doesn't
fare any better. Heck, I still see Happy99.

Eric

-----Original Message-----
From: Buhrmaster, Gary [mailto:[email protected]]
Sent: Monday, May 03, 2004 11:28 PM
To: Eric Krichbaum; [email protected]
Subject: RE: Worms versus Bots

Microsoft has said Windows XP SP2 will have the firewall turned on by
default, and that they have "considered" reissuing the installation CDs
such that a new installation will have the firewall enabled to deal with
just this problem. I do not know the current state of the consideration,
but to me it seems reasonable that Microsoft should at least make the
offer of a new CD (to anyone who has a valid XP license key?)

No, many people will not request a new CD, but then many people never
apply patches either. I think this is a horse and water problem.

Gary

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Eric Krichbaum
> Sent: Monday, May 03, 2004 8:13 PM
> To: [email protected]
> Subject: FW: Worms versus Bots
>
>
> I see times more typically in the 5 - 10 second range to infection.
> As a test, I unprotected a machine this morning on a single T1 to get
> a sample. 8 seconds. If you can get in 20 minutes of downloads
> you're luckier than most.
>
> Eric
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of william(at)elan.net
> Sent: Monday, May 03, 2004 11:49 PM
> To: Sean Donelan
> Cc: Rob Thomas; NANOG
> Subject: Re: Worms versus Bots
>
>
> On Mon, 3 May 2004, Sean Donelan wrote:
>
> > On Mon, 3 May 2004, Rob Thomas wrote:
> > > ] Just because a machine has a bot/worm/virus that didn't come with a
> > > ] rootkit, doesn't mean that someone else hasn't had their way with it.
> > >
> > > Agreed.
> >
> > Won't help. What's the first thing people do after re-installing the
> > operating system (still have all the original CDs and keys and product
> > activation codes and and and)? Connect to the Internet to download the
> > patches. Time to download patches 60+ minutes.
> > Time to infection 5 minutes.
>
> It's possible it's a problem on dialup, but in our ISP office I set up
> new win2000 servers and the first thing I do is download all the patches.
> I've yet to see the server get infected in the 20-30 minutes it takes
> to finish it
> (Note: I also disable IIS just in case until everything is patched..).
>
> Similarly, when setting up computers for several of my relatives (all
> have dsl) I've yet to see any infection before all updates are
> installed.
>
> Additional to that, many users have a dsl router or similar device, and
> many such beasts will provide a NATed ip block and act like a firewall,
> not allowing outside servers to actually connect to your home
> computer.
> On this point it would be really interesting to see what percentage of
> users actually have these routers and if the decreasing speed of
> infections by new viruses (are there real numbers to show it decreased?)
> has anything to do with this rather than people being more careful
> and using antivirus.
>
> Another option, if you're really afraid of infection, is to set up a proxy
> that only allows access to the microsoft ip block that contains the windows
> update servers.
>
> And of course, there is an even BETTER OPTION than all the above -
> STOP USING WINDOWS and switch to Linux or Free(Mac)BSD ! :)
>
> > Patches are Microsoft's
> > intellectual property and can not be distributed by anyone without
> > Microsoft's permission.
> I don't think this is quite true. Microsoft makes available all
> patches as individual .exe files. There are quite many of these updates
> and it's really a pain to actually get all of them and install updates
> manually.
> But I've never seen written anywhere that I can not download these
> .exe files and distribute them inside your company or to your friends as
> needed to fix the problems these patches are designed for.
>
> > The problem with Bots is they aren't always active. That makes them
> > difficult to find until they do something.
> As opposed to what, viruses?
> Not at all! Many viruses have a period when they are active and
> afterwards they go into "sleep" mode and will not activate until some
> other date!
>
> Additionally, a bot that does not immediately become active is a good thing
> because if you do weekly or monthly audits (and many do it like that)
> you may well find it this way and deal with it at your own time,
> rather than all of a sudden being awakened at 3am and having to clean up
> an infected system.
>
> --
> William Leibzon
> Elan Networks
> [email protected]