[rescue] Fair Warning RPC Worm

Mike Hebel nimitz at nimitzbrood.com
Tue Aug 12 11:21:03 CDT 2003

On Tuesday, August 12, 2003, at 11:02 AM, Michael A. Turner wrote:

> 	Lcukly I was able to convience people around here that patch was
> important. I put it on all the servers the day after it came out. 
> After the
> reaming we took from code red, Nimda, and the SQL slammer worm even my 
> boss
> found it a good idea to install that patch.
> 	Today I am chasing the users who disregarded the E-mail that told
> them to install the patch. Sigh, no way to enforce it and now they are
> whining we should have done more to protect them. Damned if you do, 
> Damned
> if you don't.

Funny thing is.  If you just do proper firewall security this worm 
isn't an issue.  do you r best case and use the "Shields Up" port probe 
stuff at www.grc.com (Gibson Research) and you'll know immediately if 
there's a problem.

I haven't been touched by it here except in an increase in log traffic.

Now my in-law who is unprotected on DSL is another matter.  I spent 
about an hour explaining the problem and the solution to him because he 
got hit by it earlier this week.

All-in-all for my money most people will be sane enough to install the 
security updates.  This does not include suits obviously.

If they don't want to then pitch it as "Evil Hackers" or worse yet 
"Evil Terrorists that could use your computer to shut down government 
computers." and most of the die-hards will roll over and get 
updated/patched somehow.  ;-)

I hate to resort to such things but if it keep virii/worms off of any 
networks I'm involved with then so much the better.  Now if I could 
only convince my "inner anarchist" of that...

Mike Hebel

Medieval Combat anyone? http://www.kingsofchaos.com/page.php?id=694655

More information about the rescue mailing list