Given that the patches that stopped the flaws code red relied on were about a year old when code red was released, its quite possible that even a vaguely competent admin wouldn't see it on their servers.
Robert Moir MSMVP IT Systems Engineer Luton Sixth Form College Ciderspace: An online 3D virtual reality environment for tramps. Ciderspace Cafe: A park Bench. > -----Original Message----- > From: Granatella Adam J [mailto:Adam.Granatella@;Sentry.com] > Sent: 15 November 2002 13:30 > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > Two words: Code Red. > > -----Original Message----- > From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] > Sent: Friday, November 15, 2002 7:13 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > Every virus attack I've seen enters at the client machine > level - regardless of how it enters the network, it infects a > client machine. Its rare to have every client machine 100% up > to date on AV signatures, etc, and because of that, they're > always going to be the entry point. > > With that in mind, you need to take steps to protect every > server, regardless of function. To do otherwise is, in this > day and age, irresponsible. > > ------------------------------------------------------ > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message----- > > From: Luis Aguilera [mailto:laguilera@;basesix.com] > > Sent: Thursday, November 14, 2002 5:52 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > The important thing is to keep in mind were your vulnerabilities to > > viruses lie. > > > > Most viruses, IME, come through either documents and/or emails. So > > setting up a good system that protects your file servers and email > > servers from malicious code will go a long way in protecting your > > network. You also want to think of implementing a system > that protects > > the end users, particularly something featuring the > "pushing" of virus > > definitions from a central location (that an admin manages) > > rather than leave the onus of updating the virus defs to end users. > > > > Also, please correct me if I'm wrong, but I've yet to see a > virus that > > directly targets AD, DHCP, DNS or other DNS servers. Does > any know of > > any? > > > > Luis Aguilera > > IT Manager > > BaseSix > > > > -----Original Message----- > > From: Tim HInes [mailto:nupe009@;carolina.rr.com] > > Sent: Thursday, November 14, 2002 4:26 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [ActiveDir] AD and Network Core Services & > Anti-Virus > > > > > > Although antivirus programs can cause problems I would > advise that > > you run it on your servers. The disasters that a virus can cause > > outweigh the problems that a virus scanner may cause. It > may save you > > from having to rebuild your boxes. > > > > > > Tim Hines, MCSA, MCSE (2000 & NT4) > > MVP - Active Directory > > > > > > > > > > > > ----- Original Message ----- > > From: Myrick, Todd (NIH/CIT) > > <mailto:myrickt@;mail.nih.gov> > > To: > > '[EMAIL PROTECTED]' > > Sent: Thursday, November 14, 2002 3:53 PM > > Subject: [ActiveDir] AD and Network Core > > Services & Anti-Virus > > > > > > I have a quick question, Our operating > > procedures for Core Network Service (AD DCs, WINS, DDNS, CA, > > Exchange (Antigen), DHCP) servers has been not to run with > > Anti-Virus protection on them. We feel that the potential for > > scanner code to conflict with the network service is higher > > if we do, and since we don't execute man applications from > > the server unless they are scanned we don't feel we are at > much risk. > > > > What I would like to know is, what does > > everyone on this list feel an is a good strategy when it > > comes to these types of services and anti-virus product? > > > > Thanks in Advance, > > Todd > > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > This e-mail is confidential. If you > are not the intended recipient, you must not disclose or use > the information contained in it. If you have received this > mail in error, please tell us immediately by return e-mail > and delete the document. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
