[Gllug] nimda
Rev Simon Rumble
simon at rumble.net
Wed Sep 19 12:05:49 UTC 2001
On Wed, Sep 19, 2001 at 12:23:30PM +0100, will uttered:
> Sometimes I really do wish someone would write a worm that would take out
> the server completely (ie, wipe it). Mean? possibly but then I think
> putting an unpatched windows server on the internet so worms/s-kiddies can
> use it to piss off all the other internet users is pretty mean and selfish
> too. There are entries appearing in logs caused by code red!
Perhaps some sort of highly visible "stick" for such net abuse (ie,
leaving your servers unpatched for a known vulnerability) needs to be
developed along the same lines as the MAPS et al RBL?
A more vigilante approach would be to take the code of the current
worm and modify it to drop all external connections and place a big
notice on the screen. Should get peoples' attention pretty quickly.
Many of the servers here at work are STILL down from Nimba. I've had
106 attempts at my (Apache on Linux) web server. My (real IP) web
server (Apache) on my Win2K box here at work is also taking hits.
--
Rev Simon Rumble <simon at rumble.net>
www.rumble.net
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list