Full Disclosure mailing list archives
RE: The worm author finally revealed!
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 31 Jan 2003 19:30:11 -0600
-----Original Message----- From: yossarian [mailto:yossarian () planet nl] Sent: Friday, January 31, 2003 6:35 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] The worm author finally revealed!
But since you asked: I have been a network manager - responsible for infra for 5 countries, 61 offices, 10.500 corporate computersystems, some 2000 from customers (Firewall farms, SAN/NAS, co-location, etc) we had some 1000 programmers, 7000 IT consultants - total helpdesk size 69 people, some 450 calls per day. Somewhere else I rebuilt an aircraft manufacturers network - getting rid of Phase IV, PDP8's, replace international private backbone. Earlies in life been responsible for all mail systems (PC clients, PC servers, terminals, midrange, mainframe, in 52.000 user network) at bank, total helpdesk size 337, average calls per day some 1400 from 37 countries. Never did exciting things, though. I hope I qualify.
Now I'm even more surprised that you haven't gotten my point. Or are you just trying to play devil's advocate? My point is that the twits that think every admin whose network got one instance of Slammer or who wasn't already blocking 1434/UDP should be fired for incompetence simply don't have any comprehension of how a large network works. It's easy to say "pull the plug" when you're not responsible for the boxes. It's a bit harder when you have competing constituencies demanding opposing actions. At UTD we *do* pull the plug. But I would never be so arrogant as to demand that someone else do, because I don't know their network. There can be a *ton* of reasons why something wasn't done (like patching or blocking ports) *other than* incompetence. To answer your questions specifically, yes we do test patches, no you can't test every situation - sometimes shit just happens, of course we called the vendor, of course we have backups, yes our admins are *very* experienced (our senior Windows admin is a Certified Banyan Engineer, among other things, if that tells you anything.) My point is not that UTD is trying to make excuses (because we're not), but that calling admins incompetent without even knowing their networks is arrogant and insulting, and I really wish people would stop doing that. I really don't care what anyone calls me. I don't need validation from external sources. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: The worm author finally revealed! yossarian (Jan 31)
- <Possible follow-ups>
- Re: The worm author finally revealed! Paul Schmehl (Jan 31)
- Re: The worm author finally revealed! Ron DuFresne (Jan 31)
- Re: The worm author finally revealed! Paul Schmehl (Jan 31)
- Re: The worm author finally revealed! yossarian (Jan 31)
- RE: The worm author finally revealed! Sung J. Choe (Jan 31)
- Re: The worm author finally revealed! yossarian (Feb 01)
- RE: The worm author finally revealed! Schmehl, Paul L (Jan 31)
- RE: The worm author finally revealed! Ron DuFresne (Jan 31)
- Re: The worm author finally revealed! Jonathan Rickman (Jan 31)
- Re: The worm author finally revealed! Douglas F. Calvert (Jan 31)
- Re: The worm author finally revealed! David Howe (Feb 03)
- Re: The worm author finally revealed! David Howe (Feb 03)
- Re: The worm author finally revealed! David Howe (Feb 03)