
Thread: Virus Evades Panda & Kaspersky

  1. #21
    Originally posted here by Tiger Shark
    If I might chime in here....

    JC: Yep... Theoretically you are correct... But... 99% of the time non-publicly available servers are compromised by their idiot admins/users using the server like it was a workstation... and running in the context of an administrator...

    That's the point dear Mistress LeFay is trying to, quite correctly, make... in her roundabout way...
    Again, if you look back to the infection rates of Code Red and Slammer, you'll see that 99% is a little high....

  2. #22
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    you'll see that 99% is a little high....
    If you are _determined_ to miss a perfectly valid point then never mind!!!!!!!

    I SAID...

    But... 99% of the time non-publicly available servers
    Do I need to put special emphasis on the words "non-publicly available" or is your level of comprehension sufficient to grasp what is being said...

    Slammer and Code Red are ancient bloody history and their infections were predominantly against _publicly available_ servers.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #23
    Originally posted here by Tiger Shark
    If you are _determined_ to miss a perfectly valid point then never mind!!!!!!!

    I SAID...



    Do I need to put special emphasis on the words "non-publicly available" or is your level of comprehension sufficient to grasp what is being said...

    Slammer and Code Red are ancient bloody history and their infections were predominantly against _publicly available_ servers.
    Hey, I ain't hating against anyone. I saw your point, and my point was that Code Red and Slammer were against more than just _publicly available_ servers. Corporations around the world got hit and hit hard with both, and many more (and by that I mean their internal networks, not just their POPs). Why do you and MLF decide to cut out only a tiny portion of what I post and argue against that? I think my point is _perfectly_ valid too, but you both seem to have missed it.

    I'm not here to get "Anti-Points", I know you both have a ton more than me. I'm not here to "rock the boat". I'm here because I have an interest in computer security, and what I saw MLF post was technically correct, and yet still possibly wrong. In the context of the original post, it probably is correct, however, I'm still trying to get MLF to admit that worms, viruses, attacks can occur even in a correctly administered network / server configuration.

  4. #24
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Again, if you look back to the infection rates of Code Red and Slammer, you'll see that 99% is a little high....
    Well I wasn't one of those 99%........I guess that puts me in the 1 %

    1%....of ALL the computers in the world

    I think that's GOOD!!!

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #25
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I saw MLF post was technically correct, and yet still possibly wrong. In the context of the original post, it probably is correct


    jcjzbrfay you are totally right..it is possible....but I have seen that file....many times on WSes and with spyware infections....

    With the multiple processes like that.....that server has been compromised for a while.... and has not been restarted.....and is unpatched..and someone is not using it correctly as the server it is.....

    I have seen this before ..so I "assumed"

    And I believe I am correct in my remote wireless troubleshooting assumption

    Although I could be wrong .............not

    MHO as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #26
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Code Red and Slammer were _worms_. They travel on their own without human intervention so their attack vector can _only_ be successful in the case of bad admin practices, (no patching or no other mitigation).

    That either worm managed to pass from the public internet to the trusted network in _any_ situation is a sign that the admins should have been fired in my opinion. Because it indicates that there was a pathway from an untrusted segment to the trusted network... Not only was there a pathway but the pathway was the same as the pathway from the public internet to the public server... That is absolutely begging for a worm on your private network and it is completely amateur administration...

    I already agreed that what you said is _possible_... Clearly, because as you note, so many people got hammered by them... But you are pushing ahead with a point that, whilst well made, is redundant... This isn't a worm. It is a very common symptom of slack admins again that we see all the time... So I'm having a hard time understanding why you simply won't let it go if you say you aren't trying to "rock the boat"... Your point was taken, noted and, in this situation, dismissed as highly improbable.

    BTW, like Mistress LeFay, I too seem to be a one percenter...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
