Full Disclosure mailing list archives
RE: RE: DCOM RPC exploit
From: Paul Schmehl <pauls () utdallas edu>
Date: 27 Jul 2003 11:36:08 -0500
On Sun, 2003-07-27 at 10:54, Steve W. Manzuik wrote:
Sure, but have there actually been any "good" worms yet?
There is no such thing as a "good" worm.
Hell, we're *still* seeing Code Red traffic. And what we've *NOT* seen in the last 2 years is a CERT advisory of this magnitude against a Microsoft product that didn't spawn a "Holy Shit" scale worm.

Don't forget Nimda as well. But seriously, does Code Red or Nimda actually cause you connectivity issues? I see a ton of Code Red/Nimda like traffic on various logs and yet the effect is pretty much zero.
People used to make the same argument about spam. Ah, just delete it. It's no big deal. But if we have Code Red (all variants) and Nimda and Slammer and Slapper and so forth and so on, do you really want to argue that that has no effect on bandwidth? What would the Internet be like if all that excess traffic wasn't there? Read what you wrote, Steve. "The effect is pretty much zero", yet this comes right after "I see a ton...." If you didn't have the crap in your logs, what could you be doing with your time? The effect isn't zero. You've simply learned to live with a degraded system where Internet worms are the norm and you no longer realize what it was like not to have to deal with the crap. That's sort of like standing in the middle of a rave and claiming the noise doesn't really affect your hearing or ability to carry on a conversation. It's only after you leave and realize your ears are ringing and your hearing is degraded that you understand the impact.
If your boxes are patched, Firewalls configured properly, IDS tuned and running -- why would this new worm be so scary? The only reason that yet another worm is going to be scary is that people don't patch their boxes or configure them to be "secure".
It's not scary, Steve. It's a PITA. It's not like admins are sitting around twiddling their thumbs waiting for the next worm battle. There's plenty to do in IT without the "distraction" of worms and malicious code and all the other crap that idiots put out there.
Perhaps I am missing something but I think Code Red and the likes did everyone a huge favor -- forced people to patch systems, put script kiddies and consultants alike out of business. Hell, maybe I will write one myself. ;-)
If you do, then I'll add you to my list of true assholes. :-)

--
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html