Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft's Early Xmas Present.

From: John Sage <jsage () finchhaven com>
Date: Thu, 03 Jan 2002 09:01:14 -0800
<snip>
Another issue to consider is those people who are on dialup accounts. If there's a number of patches that are going to take hours to download 
and I need to get work done right now, that "feature" becomes a big
problem.  This creates user antipathy for security which is the last
thing you want. 
---Steve
The issue of dialups as an underlying base of infected, unpatched hosts is underappreciated, IMHO..
As an examle of the scope of the problem, at home I'm on a dialup to AT&T through their Seattle WA pop, with a dynamic IP in the 12.82.x.x range of AT&T's 12.x.x.x class A.
I see 40 to 120 CodeRed/Nimda probes to tcp:80 *every* day, week in, week out, from AT&T dialup, DSL and now AT&T Broadband Internet cable clients switched over from the defunct Excite@Home cable network.
I have repeatedly notified abuse () att net with snort logs for almost two months, now, have received nothing but a generic response that really relates more to spam than anything, and have seen little-to-no reduction in the volume of this sort of thing.
These are home users, SOHO users, and small businesses with no IT staff to speak of, all unpatched and infected, and all a potential source of CodeRed/Nimda infection to new boxes coming on line after the Christmas purchasing season. 



- John

--
Computers: they're really nothing but l's and O's


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: