Okay, okay... I'll back off and take a wait-and-see approach. Let's wait
a few days as research continues and find out if there's a way a server
could get infected other than the methods that have already been
discovered. If it turns out that Microsoft was "lazy on their end",
though, then my initial feeling that someone should lose their job will
be justified.
The other option is that there's some new, unknown exploit out there
that NIMDA used. I guess I was just lucky that my servers were
apparently not vulnerable to that exploit and that the 16 attempts it
uses to break in all result in 404 errors in the logs. If this turns out
to be the case, I'll be eating crow. But I'm not ashamed to admit when
I'm wrong, so this won't be too painful!
We'll have to disagree over whether admins are dropping the
ball--although surely we can agree that SOMEONE is dropping it. Code Red
exploited a vulnerability that had been fixed some time earlier (over a
month, as I recall). Why were so many servers unpatched? And whose
responsibility was it to patch them, if not ours?
________________
John Hornbuckle
Network Manager
Taylor County School District
318 North Clark Street
Perry, FL 32347
-----Original Message-----
From: Clayton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 2:06 PM
To: NT System Admin Issues
Subject: RE: Microsoft Has Nimda
But are you sure that MS has all of the bits in place to protect your
network? They may have been infected because of something that has been
overlooked, and not because one of their sysadmins was playing quake.
They may have all of the patches they have in place, but were still hit
from the side door. If they overlooked it for themselves, how can you be
sure all of the patches you have will sort you out?
I don't agree that sysadmins have been dropping the ball lately either.
There is more than one ball to carry in most cases, and the trick is
keeping them all up in the air at the same time. It is much easier to
secure a small system than a large one as well, which only adds to the
challenges we all have the pleasure of dealing with daily.
I fully agree that we should always be prepared for all known threats,
but the key work there is known. I certainly don't know all of the
threats out there, and have to take MS on faith in terms of what Service
Pack or hotfix I need to protect my systems, so I hope they were lazy on
their end, at least that way I know we are cool here. If they had all of
the patches in, and still got it anyways, then I guess we are all in for
some long nights.
Clayton Doige
IT Manager MCSE, MCP + I
Gameday International N.V.
Bound in a nutshell, King of infinite space...
T: +5 999 736 0309 ext 4537
C: +5 999 563 1845
F: +5 999 733 1259
E: [EMAIL PROTECTED]
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
