
Re: FW: Careful. This is for information only.



Robert L. Harris wrote:

> Ok, so your thinking is so much better than everyone else's.  You take
> over the world and be the benevolent dictator.

Hardly my point. Apparently you consider it perfectly normal to start
proposing workarounds and solutions when you don't understand the
problem and haven't even been paying attention to the news or the
previous discussion. I'd say it's a waste of time. Familiarize yourself
with the subject first. Try http://www.incidents.org for a good start.

> How much do you know about a Windows box?

I've been a professional software engineer working primarily on Win32
pretty much as long as Win32 has existed. I know the platform better
than just about anyone I've ever worked with, and I've worked with
some really sharp people.

> There IS an "at" job for Windows.
> It basically acts as a cronjob, just called at.  It's usually an add-on
> but does exist and a lot of production systems will use it for rotating
> logs, restarting services that aren't "services" and the like.

You're still missing the point. A large percentage (perhaps even a
substantial majority?) of the systems that are propagating Code Red II
are home cable/DSL systems. There is no admin (at least, not a clueful
one in most cases), there is no mail transport, and the "at" command may
well not be installed. And it's still illegal and unethical to invade
someone else's machine even to clean up a mess they don't know they have.

> As per mail, did you know you can send mail to a domain?

Home users typically aren't part of a domain. In fact, I'm sitting here
in the offices of a small startup firm, and we don't have a domain for
our Windows machines because none of us have bothered to set one up yet.
For now, we just have a workgroup.

> Hmm.  "my understanding"...  Yup, I was stating a fact wasn't I?

No, you were revealing that you haven't even read the major news reports
about Code Red, many of which mentioned that it was targeting a
hard-coded IP address. They had to mention this in order to explain how
the White House sidestepped the attack last month. I was also thoroughly
unimpressed by your apparent willingness to believe that Code Red was of
Chinese origin simply because it claimed to be, which shows a lack of
critical thinking.

> We can still point the entry somewhere
> else, like the loopback addr or /dev/null.

There's no need. The White House moved their server, and Code Red politely
checks to see whether it's possible to connect to it at the hard-coded IP
before bombing it. That's why nothing much happened in late July.

Code Red II is, according to published reports, a new worm that borrows
Code Red's infection mechanism but is otherwise completely different. I
have not seen any statement that Code Red II cares about the White
House's web site.

> Have you ever heard of something called brainstorming or free thinking?  You
> throw out odd ideas and see what comes back.

Yup. It works better if you know what you're talking about first,
though. If you had even been reading the discussion here on this list,
you would have heard your basic idea stated and politely shot down
several times over, and would, one hopes, have seen no need to repeat it
yet again. You didn't get flamed simply for making a poor suggestion,
but for making it after it had been quite thoroughly dealt with already,
and for making it clear that you didn't grasp the basic facts of the
situation.

Craig


