Re: Well, this is reassuring...
FYI, SANS probably did not send that message at all, read the following excerpt from Symantec's write up of the Nimda virus: "The worm begins the mass-mailing routine by first searching for email addresses. The worm searches for email addresses in .htm and .html files on the local system. The worm also uses MAPI to iterate through messages in the Inbox of email clients. Any MAPI supporting email clients may be affected including Microsoft Outlook and Outlook Express. The worm uses these email address for the To: and the From: addresses. Thus, the From: addresses will not be from the infected user. " Heidi Pilewski Windows Systems Administrator Software Engineering Institute [EMAIL PROTECTED] Greg Page wrote: > > It's not a rumor, it's what happened. That this e-mail got to one of their > people and propagated is disturbing. Antigen caught it at my GW and didn't > send it anywhere. What's there excuse? > > Greg > > -Original Message- > From: Dean Cunningham [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 19, 2001 9:19 PM > To: NT System Admin Issues > Subject: RE: Well, this is reassuring... > > Careful before spreading such a rumor, the detecters may well be > oversensiitve at this point. McAffee did the same to me *because* a guy had > posted to the mailing lust and email containing a portion of the > javascript. I would suggest considering the source of teh messaging being > blocked, that it is like they the message was benign and they too had a > portion of code in it that set the alarm bells off. > > regards > Dean > > -Original Message- > From: Greg Page [mailto:[EMAIL PROTECTED]] > Sent: Thursday, 20 September 2001 12:49 p.m. > To: NT System Admin Issues > Subject: Well, this is reassuring... > > Antigen for Exchange found readme.exe infected with JScript/Nimda.A.Worm > (CA(InoculateIT)) worm. The message is currently Purged. The message, "SANS > NewsBites Vol. 3 Num. 38", was sent from The SANS Institute and was > discovered in IMC Queues\Inbound located at ORGANIZATION/SITE-1/ALEXAPP001. > > Greg > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > *** > This e-mail is not an official statement of the > Waikato Regional Council unless otherwise stated. > Visit our website http://www.ew.govt.nz > *** > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: WARNING: Hacker Alert
http:[EMAIL PROTECTED] Someone already mentioned this but it is a very new worm called W32.Nimda.A@mm see above link for some information on it. Heidi Kevin Lundy wrote: > > http://www.nipc.gov/warnings/advisories/2001/01-021.htm > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Senate votes to permit warrantless Net-wiretaps, Carnivore use
If you go to the Wired.com article and click on the word "approved" you can find out how they voted. It is a link to the senate voting record for that particular bill. It turns out that 97 senators voted in favor (3 did not vote). I'd say read the article. This particular amendment could be enabling an invasion of privacy we don't want. Plus amendments worded in haste, like this one, can easily be ruled unconstitutional and therefore useless. I'm not against doing something but I'd prefer that time and care be taken to consider what exactly should be done. Heidi "Phillips, Glen" wrote: > > You wrote: > > "No record of how any of them voted on it. Isn't that convenient?" > > I love the irony of someone called "Anon Emouse" complaining about people > not putting their names to anything :) > > -Original Message- > From: Anon Emouse [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, 18 September 2001 13:50 > To: NT System Admin Issues > Subject: RE: Senate votes to permit warrantless Net-wiretaps, Carnivore > use > > Tell them what you think about warrantless search and > seizure, and about tacking it onto an appropriations > bill, passing it out 30 min before debate/vote, and > then passing it on a voice vote. No record of how any > of them voted on it. Isn't that convenient? > > I'll be the last to tell you what to say. If you > aren't moved to write your congressperson, then don't. > But this was pushed through without a lot of > oversight or planning, and if it gets all the way > through and is signed into law, then any prosecutor > can authorize surveillance for 48 hours of ANYONE > without a warrant. > > Doesn't sound good to me. > > > -Original Message- > > From: Martin Blackstone > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, September 18, 2001 8:38 AM > > To: NT System Admin Issues > > Subject: RE: Senate votes to permit warrantless > Net-wiretaps, > > Carnivore > > use > > > > > > And tell him what? > > > > -Original Message- > > From: Anon Emouse [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, September 18, 2001 5:22 AM > > To: NT System Admin Issues > > Subject: Senate votes to permit warrantless > Net-wiretaps, > > Carnivore use > > > > > > Please read this article, and the attached text. > > > > Then write your congressman. > > > > > http://www.wired.com/news/politics/0,1283,46852,00.html > > > > Text of the Hatch-Feinstein "Combating Terrorism Act > > of 2001": > > http://www.politechbot.com/docs/cta.091401.html > > > > Muddled debate over the amendment: > > http://www.fas.org/sgp/congress/2001/s091301.html > > > > A. Nonny Mouse > > Watch-Mouse > > > > > > > > __ > > Terrorist Attacks on U.S. - How can you help? > > Donate cash, emergency relief information > > > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > > > > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > __ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > * > If you receive this e-mail in error, please contact +44 20 7280 5500. > The information contained in this e-mail and in the attachments if > any, is confidential. Unauthorised use, disclosure, printing, > forwarding or copying is strictly prohibited. > * > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Email Scams
I send all my "scams" to [EMAIL PROTECTED], although the FBI does have a website where you can file complaints for scams and unsolicited e-mail. It's http://www.ifccfbi.gov. Heidi Stephen Pruitt wrote: > > Luke, see if you can find a Web site or address for a real NY Firemen's > association, and send it to them. Other options are the NY city or state > police or the FBI. > > Steve > > -Original Message- > From: Luke Skare <[EMAIL PROTECTED]> > To: NT System Admin Issues <[EMAIL PROTECTED]> > Date: Friday, September 14, 2001 7:08 PM > Subject: Email Scams > > >Has anyone seen the below unsolicited message? Where do we report this to > >check the validity of these emails/organizations? > > > >Thanks > > > >Luke > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: has anyone used doubletake successfully?
Thanks for the information to all who responded! One more question: Do you keep the second server in another location (necessitating a WAN link) or on the same subnet or different subnet? I'm interested in how well the failover goes with the second server off-site. Thanks, Heidi Pilewski Windows System Administrator Software Engineering Institute Carnegie Mellon [EMAIL PROTECTED] Gordon Olson wrote: > > There is no problem with the failover it is the failback that does not work > as designed. You will be pretty much on your own also the tech support is > not very good. If you work with the product for more then a couple of days > you will not more then the support dudes. > > We are using it with IIS, SQL7 running on NT and it works great, fails over > within 30 seconds. WE don't have a large volume of ecommerce so that is fine > for us. The fail back is the only spot where we have to go in and remove the > failed over ip manually because it just won't work right. It has once or > twice but most often it does not work as advertised. We have messed with it > and messed with it and - well, it is just easier to manually remove the ip > etc... > > Hope that helps, > > side note - we are using co-standby server for another app and it works > outstanding and it is much easier to configure. I like them both each are > unique. > > -Original Message- > From: Heidi Pilewski [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 14, 2001 4:36 AM > To: NT System Admin Issues > Subject: Re: has anyone used doubletake successfully? > > I'd like to know if you've ever had to failover to the other server and > how quickly and smoothly, if at all that went? > > Also, did you look at any other products or solutions before deciding on > Double Take and, if so, why did you decide on Double Take? > > I understand that my situation may differ but I'm looking at using a web > server (IIS) and SQL 7.0 on NT or 2000 as the operating system (depends > on when the decisions are made) and data will need to be replicated and > if the primary server goes down there should be as quick and smooth as > possible a transition to the "backup" machine. I've had personal > experience with NT Cluster server and, for this application, the > failover takes too long. We are hoping to minimize transaction loss as > much as possible. > > Thanks, > Heidi Pilewski > Windows System Administrator > Software Engineering Institute > Carnegie Mellon > [EMAIL PROTECTED] > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: has anyone used doubletake successfully?
I'd like to know if you've ever had to failover to the other server and how quickly and smoothly, if at all that went? Also, did you look at any other products or solutions before deciding on Double Take and, if so, why did you decide on Double Take? I understand that my situation may differ but I'm looking at using a web server (IIS) and SQL 7.0 on NT or 2000 as the operating system (depends on when the decisions are made) and data will need to be replicated and if the primary server goes down there should be as quick and smooth as possible a transition to the "backup" machine. I've had personal experience with NT Cluster server and, for this application, the failover takes too long. We are hoping to minimize transaction loss as much as possible. Thanks, Heidi Pilewski Windows System Administrator Software Engineering Institute Carnegie Mellon [EMAIL PROTECTED] Ian Kelly wrote: > > Yes, and SQL 2000 > What do you need to know? > > Ian > --- > > mailto:[EMAIL PROTECTED] > > --- > The man who views the world at 50 the same as he did at 20 has wasted 30 > years of his life. - Muhammad Ali > > -Original Message- http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: has anyone used doubletake successfully?
I'm interested in finding more out about Doubletake as well. Anyone using it with SQL 7.0? Thanks, Heidi Pilewski Windows System Administrator Software Engineering Institute Carnegie Mellon [EMAIL PROTECTED] "Mikelist (E-mail)" wrote: > > tell me more. did u use it to migrate to win2k? details, the devil's in the > details > > thanks > > > -- > Michael D. Plotsker > Technology Consultant > KJ Technology Consulting, Inc. > T. 718-575-1595 > C. 917-406-4215 > F. 212-202-5013 > [EMAIL PROTECTED] > > -Original Message- > From: Kevin Lundy [mailto:[EMAIL PROTECTED]] > Sent: Thursday, September 13, 2001 3:19 PM > To: NT System Admin Issues > Subject: RE: has anyone used doubletake successfully? > > yes > > -Original Message- > From: Mikelist (E-mail) [mailto:[EMAIL PROTECTED]] > Sent: Thursday, September 13, 2001 3:17 PM > To: NT System Admin Issues > Subject: has anyone used doubletake successfully? > > to replicate data and services on nt4 server and/or win2k server? > > > -- > Michael D. Plotsker > Technology Consultant > KJ Technology Consulting, Inc. > T. 718-575-1595 > C. 917-406-4215 > F. 212-202-5013 > [EMAIL PROTECTED] > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Airport security (was: The idiocy continues!)
Security people are also provided by outside firms who got the "lowest bid". Is it any wonder they're not paid well, not trained, and may have "suspicious" backgrounds? In other words, they got what they paid for. Kent Neff wrote: > > Ya gotta be kidding. Most of the airports are "managed" by local > governments and they can't get it right. What makes you think the Feds are > able to do it. Where I live (Atlanta), the General Manager is a politcal > crony of the Mayor and is an incompetent clown at best. If anything these > airports need to be privatized and the security force needs to be trained > and made to do their jobs. It's that simple. I work around the airport so > I see it all the time. > > My 2 cents. > > Regards, > > Kent Neff > > >From: Benjamin Scott <[EMAIL PROTECTED]> > >Reply-To: "NT System Admin Issues" <[EMAIL PROTECTED]> > >To: "NT System Admin Issues" <[EMAIL PROTECTED]> > >Subject: Airport security (was: The idiocy continues!) > >Date: Thu, 13 Sep 2001 13:13:46 -0400 (EDT) > > > >On Thu, 13 Sep 2001, Phillips, Glen wrote: > > > I've noticed that in amongst all the criticism of poor security at > > > Boston airport, no-one has suggested paying the people who operate the > > > metal detector screens and x-ray machines a bit more than what they > > > currently get (which is reported as on a par with someone who flips > > > burgers in a diner). > > > > I have seen mentioned several times that the people supposedly guarding > >air-travel security are minimum wage workers who have not been trained. > >Many are calling for the government to take over airport security. > > > > Myself, I think that makes sense. One of the functions of government is > >to protect the people, i.e., to establish and maintain a police force. The > >government already patrols roads, trains, and general property. To me, it > >makes sense to extend that same protection to air travel. > > > >-- > >Ben Scott <[EMAIL PROTECTED]> > >| The opinions expressed in this message are those of the author and do not > >| > >| necessarily represent the views or policy of any other person, entity or > >| > >| organization. All information is provided without warranty of any kind. > >| > > > > > >http://www.sunbelt-software.com/ntsysadmin_list_charter.htm > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Re: Australian Expressing Sadness + Something to think about
Briefly, because life has to return to something resembling normal, I'd like to say thanks to all those on this list who are not from the US and are expressing condolences and outrage at these attacks. Often, events like this can have the effect of isolating one from the rest of the world. It's important to know that there are only a few extremists out there that harbor these feelings against the U.S. Unfortunately, not everyone killed, especially in the World Trade Center, were U.S. citizens. While I don't always agree with the foreign policy of my country, the only thing this sort of violence achieves is more violence. If there are entities out there that don't like what the U.S. does, then a dialogue must be established. I think that the person or persons behind this attack will find that this galvanizes the American people against them and does little to further their issues or improve the way the US conducts it's foreign policy. I'm lucky in that, it appears, everyone I personally know in the world was unharmed, but not untouched, by this attack. My condolences go to those who are more personally affected by this attack. Heidi http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
