Full Disclosure mailing list archives

RE: The worm author finally revealed!


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 31 Jan 2003 19:30:11 -0600

-----Original Message-----
From: yossarian [mailto:yossarian () planet nl] 
Sent: Friday, January 31, 2003 6:35 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] The worm author finally revealed!

But since you asked: I have been a network manager - responsible 
for infra for 5 countries, 61 offices, 10.500 corporate 
computer systems, some 2000 from customers (Firewall farms, 
SAN/NAS, co-location, etc) we had some 1000 programmers, 
7000 IT consultants - total helpdesk size 69 people, some 450 
calls per day. Somewhere else I rebuilt an aircraft manufacturer's 
network - getting rid of Phase IV, PDP8's, replace international 
private backbone. Earlier in life been responsible for all mail 
systems (PC clients, PC servers, terminals, midrange, mainframe, 
in 52.000 user network) at bank, total helpdesk size 337, average 
calls per day some 1400 from 37 countries. Never did exciting 
things, though. I hope I qualify.

Now I'm even more surprised that you haven't gotten my point.  Or are
you just trying to play devil's advocate?  My point is that the twits
that think every admin whose network got one instance of Slammer or who
wasn't already blocking 1434/UDP should be fired for incompetence simply
don't have any comprehension of how a large network works.  It's easy to
say "pull the plug" when you're not responsible for the boxes.  It's a
bit harder when you have competing constituencies demanding opposing
actions.

At UTD we *do* pull the plug.  But I would never be so arrogant as to
demand that someone else do, because I don't know their network.  There
can be a *ton* of reasons why something wasn't done (like patching or
blocking ports) *other than* incompetence.

To answer your questions specifically, yes we do test patches, no you
can't test every situation - sometimes shit just happens, of course we
called the vendor, of course we have backups, yes our admins are *very*
experienced (our senior Windows admin is a Certified Banyan Engineer,
among other things, if that tells you anything.)

My point is not that UTD is trying to make excuses (because we're not),
but that calling admins incompetent without even knowing their networks
is arrogant and insulting, and I really wish people would stop doing
that.

I really don't care what anyone calls me.  I don't need validation from
external sources.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

