nanog mailing list archives
Re: Worms versus Bots
From: Sean Donelan <sean () donelan com>
Date: Mon, 3 May 2004 22:08:14 -0400 (EDT)
On Mon, 3 May 2004, Rob Thomas wrote:
] Just because a machine has a bot/worm/virus that didn't come with a ] rootkit, doesn't mean that someone else hasn't had their way with it. Agreed.
Won't help. What's the first thing people do after re-installing the operating system (still have all the original CDs and keys and product activation codes and and and)? Connect to the Internet to download the patches. Time to download patches 60+ minutes. Time to infection 5 minutes. Patches are Microsoft's intellectual property and can not be distributed by anyone without Microsoft's permission. Ok, so you order Microsoft's patch CD. Unfortunately it only includes patches through October 2003. Microsoft is selling over 10 million Windows licenses every month. Patches not included.
The record I've seen thus far was a host with 14 distinct and active bots on it. I'm guessing the LEDs on that cable modem never blinked.
The problem with Bots is they aren't always active. That makes them difficult to find until they do something.
Current thread:
- Worms versus Bots Sean Donelan (May 02)
- Re: Worms versus Bots Rob Nelson (May 03)
- Re: Worms versus Bots Mike Lewinski (May 03)
- Re: Worms versus Bots Rob Thomas (May 03)
- Re: Worms versus Bots Sean Donelan (May 03)
- Re: Worms versus Bots william(at)elan.net (May 03)
- How long before infected - Internet addresses are not uniform Sean Donelan (May 03)
- Re: How long before infected - Internet addresses are not uniform Marshall Eubanks (May 04)
- Re: Worms versus Bots Stephen J. Wilcox (May 04)
- Re: Worms versus Bots Rob Thomas (May 03)
- <Possible follow-ups>
- FW: Worms versus Bots Eric Krichbaum (May 03)
- Re: FW: Worms versus Bots Henry Linneweh (May 04)
- RE: Worms versus Bots Buhrmaster, Gary (May 03)
- RE: Worms versus Bots Michel Py (May 03)
- RE: Worms versus Bots Edward B. Dreger (May 04)