-
April 1st, 2006, 04:49 AM
#21
Member
Originally posted here by Tiger Shark
If I might chime in here....
JC: Yep... Theoretically you are correct... But... 99% of the time non-publicly available servers are compromised by their idiot admins/users using the server like it was a workstation... and running in the context of an administrator...
That's the point dear Mistress LeFay is trying to, quite correctly, make... in her roundabout way...
Again, if you look back to the infection rates of Code Red and Slammer, you'll see that 99% is a little high....
-
April 1st, 2006, 04:59 AM
#22
you'll see that 99% is a little high....
If you are _determined_ to miss a perfectly valid point then never mind!!!!!!!
I SAID...
But... 99% of the time non-publicly available servers
Do I need to put special emphasis on the words "non-publicly available" or is your level of comprehension sufficient to grasp what is being said...
Slammer and Code Red are ancient bloody history and their infections were predominantly against _publicly available_ servers.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
April 1st, 2006, 05:36 AM
#23
Member
Originally posted here by Tiger Shark
If you are _determined_ to miss a perfectly valid point then never mind!!!!!!!
I SAID...
Do I need to put special emphasis on the words "non-publicly available" or is your level of comprehension sufficient to grasp what is being said...
Slammer and Code Red are ancient bloody history and their infections were predominantly against _publicly available_ servers.
Hey, I ain't hating against anyone. I saw your point, and my point was that Code Red and Slammer were against more than just _publicly avaliable_ servers. Corporations around the world got hit and hit hard with both, and many more (and by that I mean their internal networks, not just their POP's). Why is you and MLF decide to cut out only a tiny portion of what I post and argue against that? I think my point is _perfectly_ valid too, but you both seem to have missed it.
I'm not here to get "Anti-Points", I know you both have a ton more than me. I'm not here to "rock the boat". I'm here because I have an interest in computer security, and what I saw MLF post was technically correct, and yet still possibly wrong. In the context of the original post, it probably is correct, however, I'm still trying to get MLF to admit that worms, viruses, attacks can occur even in a correctly administered network / server configuration.
-
April 1st, 2006, 05:38 AM
#24
Again, if you look back to the infection rates of Code Red and Slammer, you'll see that 99% is a little high....
Well I wasnt one of those 99%........I guess that puts me in the 1 %
1%....of ALL the computers in the world
I think thats GOOD!!!
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 1st, 2006, 05:59 AM
#25
I saw MLF post was technically correct, and yet still possibly wrong. In the context of the original post, it probably is correct
jcjzbrfay you are totally right..it is possible....but I have seen that file....many times on WSes and with spyware infections....
With the multiple processes like that.....that server has been compromised for a while.... and has not been restarted.....and is unpatched..and someone is not using it correctly as the server it is.....
I have seen this before ..so I "assumed"
And I beleive I am correct in my remote wireless troubleshooting assumption
Although I could be wrong .............not
MHO as always
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 1st, 2006, 12:41 PM
#26
Code red and Slammer were _worms_. They travel on their own without human intervention so their attack vector can _only_ be successful in the case of bad admin practices, (no patching or no other mitigation).
That either worm managed to pass from the public internet to the trusted neywork in _any_ situation is a sign that the admins should have been fired in my opinion. Because it indicates that there was a pathway from an untrusted segment to the trusted network... Not only was there a pathway but the pathway was the same as the pathway from the public internet to the public server... That is absolutely begging for a worm on your private network and it is completely amateur administration...
I already agreed that what you said is _possible_... Clearly, because as you note, so many people got hammered by them... But you are pushing ahead with a point that, whilst well made, is redundant... This isn't a worm. It is a very common symptom of slack admins again that we see all the time... So I'm having a hard time understanding why you simply won't let it go if you say "you aren't trying to "rock the boat"... Your point was taken, noted and, in this situation, dismissed as highly improbable.
BTW, like Mistress LeFay, I too seem to be a one percenter...
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|