[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] worm attack

Subject: Re: [cobalt-users] worm attack
From: "William Moore" <bmoore@xxxxxxxxxxxxxxxxx>
Date: Thu Sep 20 07:41:32 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

----- Original Message -----
From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, September 20, 2001 11:39 AM
Subject: Re: [cobalt-users] worm attack


> Re windows servers on the net:
>
> > Windows also gets tighter and cleaner with every generation.  As much as
> we
> > hate to admit it;  it is gradually coming up to speed.  In the grand
> > timeline, Windows is still a baby compared to the *NIX world.
> >
> > Be a little more open minded.  It's not US vs THEM.  We are all in the
> same
> > boat when it comes to such cyber-terrorism that we are seeing today in
the
> > internet server field.
>
> I don't think windows is "gradually coming up to speed," I think it is up
to
> speed. I think the problem is that most windows admins lack experience,
and
> are fooled by the nice looking GUI interface that running a server on the
> net is easy. Thus, they put servers out there with default install options
> that are wide open to attack. Who with any linux security experience would
> put a basic default install of RH linux 7 on the net and expect it to be
> secure? I've seen many an inexperienced admin get their cobalt server
hacked
> because they depended on the cute gui interface and didn't have any real
> experience whatsoever.
>
> Lets place the blame squarely on the shoulders of those on whom it
belongs:
> lazy or inexperienced admins.
>
> Kevin
>
>
Ok,   First of all,  I am not an inexperienced admin.  I HAD 18 NT servers
with all the patches etc installed.  The red worm did not bother me,  this
thing killed all of my NT boxes.  Since this thing could jump from machine
to machine with an open file share, I figure that is how I got nailed.
Someone must have vistied an infected site then it spread accross my entire
network.  But as soon as I saw it,  I killed every NT machine I had.  They
are all offline still.  All of the sites are being migrated to my nix boxes
as we speak.  This is after the worm is removed from each and every site.  I
figure sometime on Sunday all will be back to "Normal" here.

Now back to your statement,  "Lets place the blame squarely on the shoulders
of those on whom it belongs:  lazy or inexperienced admins. "  I say it is
the fault of the worthless scum suckers who deliberately try to cause as
much trouble as they can by writing the damn things in the first place.

I took all of the precautions,  kept all the security up and got killed,
Why ??  luck of the draw I think.  On the nix boxes,  I have all the
security patches installed and I monitor all machines constantly.  What more
can an admin do ?

Bill

References:
- RE: [cobalt-users] worm attack
  - From: Troy Fridley
- Re: [cobalt-users] worm attack
  - From: Kevin D

Prev by Date: Re: [cobalt-users] connecting to a mysql database
Next by Date: RE: [cobalt-users] APOP nightmare
Previous by thread: Re: [cobalt-users] worm attack
Next by thread: Re: [cobalt-users] worm attack

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index