----- Original Message ----- From: "Tom Rauschenbach" <[EMAIL PROTECTED]> To: "gnhlug" <[EMAIL PROTECTED]> Sent: Tuesday, October 02, 2001 11:13 PM Subject: Re: Website defacement (was: Anti-terrorism bill...)
> On Tuesday 02 October 2001 22:54, Rich Cloutier wrote: > > > Wrong-o, o armchair quarterback! Any web site serving other than static > > content, if it uses Microsoft, will have IIS on it. The Nimda virus spread > > to ALL the servers on the network thru IIS, even though the web server was > > separate. (In fact, the source of the virus was from within the private > > (user) network in the first place. The servers weren't infected from > > "outside." All the servers were corrupted beyond repair (two separate > > anti-virus products were unable to clean the systems completely. > > > Uh, just a simple comment from a simple guy who couldn't spell TCP/IP > a couple of weeks ago and who now is writing from behind a machine running > NAT and a firewall...(and yes damnit I'm proud) Good for you! You can help me with mine when I do it. ;o) > I'm considering running my > firewall off of a CD, so it cannot be cracked. If I'm considering this, > shouldn't the pro's be ashamed that they aren't ? Hell, even MS brags that > their CD duplication facilities are secure 'cuz they run Unix. This is a good idea. However, it wouldn't have helped in this case, and if you go back and reread my post above, you will notice that the infection came from a user INSIDE the network (and, therefore, inside any firewall that might have existed.) > > To whomever it was who said you can't be back up in 15 minutes, I have to ask, > (and this is a question, not a flame) why not have a READ ONLY copy of the > system somewhere that you can restore from in seconds ? Maybe hundreds of > seconds but 15 minutes is a lot of seconds. And what if your read-only copy of the system contains a hitherto unknown exploit? What good is it? Besides, most of the Win2k server images, with IIS and all the other crap on them, WON'T fit on a CDR, and have to be backed up to tape. [Add a few hundred more seconds.] Rich Cloutier SYSTEM SUPPORT SERVICES President, C*O www.sysupport.com ********************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the following text in the *body* (*not* the subject line) of the letter: unsubscribe gnhlug **********************************************************
