Security Incidents mailing list archives
Re: Nimda esponsibility - Laying appropriatel - implied warranty of sale
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Fri, 28 Sep 2001 10:30:18 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- On Fri, 28 Sep 2001, Chip Mefford wrote:
I see one problem as how to recompense those who have been harmed.How about this, Welcome to the Internet; No warranties expressed or implied, use at YOUR OWN RISK.
This argument is myopic at best, fundamentally illogical at worst. The people who are running insecure systems are doing little but fouling the nest for the rest of us. I have absolutely no complaint about defending my systems...but when the insecurity of other systems renders the networks unusuable, that's when I draw the line. Let me put this in real-life terms: my upstream was infested (not just infected...INFESTED) with Code Red since the very start. After getting close to one thousand scans from Code Red systems on the same Class B as my own, I made it a point to alert the upstream about the problem on a realtime basis (hence, Early Bird). Positive results gradually came to pass, but not in sufficient quantity by the time Nimda hit on September 18th. At that point, my upstream was overwhelmed by the traffic generated by the worm (courtesy of the uncaring and/or incompetent IIS admins). ARP storms turned into blizzards; routers began crashing faster than they could be brought up. And the "solution" of the upstream? All traffic on port 80 -- both inbound and outbound -- was BLOCKED. So, thanks to a bunch of uncaring (if not incompetent) admins who couldn't manage their own systems, *my* systems were knocked off the 'net for close to 24 hours. Mind you, NONE of my systems were vulnerable; NONE were infected; NONE were spreading the worm. Even so, both myself and my users (not to mention the security teams for which I work) had to suffer the blackout that was wholly the end product of the [in]actions of the incompetents. Anyone who argues that the innocent should pay the price for the conduct of the guilty should get their head examined. Normally, I would gladly volunteer to perform this task, but my chainsaw is presently out for maintenance. - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee."-. >====<--. C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) | = |-' `--' `--' `--------------- rm -rf /bin/laden ---------------' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO7SlnblDRyqRQ2a9AQFI2gP6Ax5U95E2c3hK829JmkRpupPlC97nered OQQthwrIdGYvlJFK90HL8hd8k91ITr9+87QkD8bZFuEKDu+IQdSmxH+ULIC/SVU5 UpwvcQLFrsRZoIF5LCHufhp+dvlUnVS9lweP7HTzuxcVZ9azanfuDJ9ql+dsJ2aU C8U9T/w3/6w= =X/wH -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda esponsibility - Laying appropriatel - implied warranty of sale Fred Cohen (Sep 27)
- <Possible follow-ups>
- Re: Nimda esponsibility - Laying appropriatel - implied warranty of sale namor (Sep 28)
- Re: Nimda esponsibility - Laying appropriatel - implied warranty of sale fosterd (Sep 28)
- Re: Nimda esponsibility - Laying appropriatel - implied warranty of sale Chip Mefford (Sep 28)
- Re: Nimda esponsibility - Laying appropriatel - implied warranty of sale Jay D. Dyson (Sep 28)
- Re: Nimda esponsibility - Laying appropriatel - implied warranty of sale Chip Mefford (Sep 28)