Hi,
Thought I'd post this here as this group seems to be one of the most
eclectic and knowledgeable around. We're all aware of the current NIMDA
worm attacks. I recently modified my IIS 404 error page to do a netblock
lookup on the IP of the server trying to attack ours and then email the
netblock owner and store the information in a database. Since doing that
a little over 24hrs ago we've received 84807 attacks from 101 separate
servers.
Considering this worm uses exploits that got massive publicity with Code
Red, I'm wondering about liability of companies that continue to run
vulnerable servers? I'm seriously considering automatically reviewing
all ip addresses 24hrs after they've first attacked and and if I'm
still being attacked giving them a further 6 or 12 hours and then I'll
charge them $1/attack until it stops. For god's sake it's a 15 min job
at most to actually stop the virus, though longer to fully check and
clear the server. Perhaps this sort of action might convince some people
to finally take server patching seriously? Thoughts folks? Any lawyers
on the list interested in taking it up? :-)
Cheers,
david
