From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 21 Sep 2001 19:18:52 -0700 (PDT)
Subject: [iwar] [fc:Infected.DSL.Users.Get.86ed]

Infected DSL Users Get 86ed
By Michelle Delio
10:40 a.m. Sep. 21, 2001 PDT

Educate yourself about computer security or get the hell off the Internet is the message that some Internet service providers are delivering to their customers.
Frustrated with users who can't or won't configure their computers to stop the spread of worms and viruses, some broadband access providers have now decided to cut service to customers whose machines are infected with worms such as Code Red and Nimda.

Only computers that run unpatched Windows 2000 and NT operating systems using Microsoft's IIS Web server software are vulnerable to infection by Code Red and Nimda. (Nimda, a worm with multiple infection capabilities, can also infect computers using the Windows operating system and Microsoft's Outlook e-mail program or Microsoft's Internet Explorer Web browsing software.)

Infected computers constantly scan the Internet for other vulnerable machines to infect. The continuous scanning creates increased traffic on a network and impacts all users, even those whose computers are running systems and software that cannot be infected.

Some security experts applaud these strict actions by ISPs and hope that other service providers will also begin locking out infected computers.

"My network has been hit thousands of times a day with Code Red and now Nimda scans," said Tony Monty, a systems administrator in London. "The patches that close the security holes these worms exploit were released months ago. If people haven't applied the patches, they are obviously clueless. Denying them access until they fix their system is the only thing that will get their attention. I hope U.K. providers follow suit soon."

Speakeasy and DSL Inc. are among the service providers that have decided to cut access to customers with worm-infested computers.

Speakeasy's e-mail to its customers read, in part:

"Over the last three months, we have been battling it out with the Code Red worm. Just as we were beginning to believe the worst was behind us, we have now learned that there is yet another hostile bit of rogue data coursing its way around the Internet. The effects of this worm are detrimental to all ...
after 9/23/01, Speakeasy's Abuse Team will be freezing the DSL circuit hooked to any machine infected with the worm.

"We apologize for the inconvenience of this, but it is imperative that we ensure our network is not assisting in the propagation of this, or any, worm. All of us are part of a larger community, and it really isn't cool to infect your neighbors."

DSL Inc. told its customers that the service will "immediately blackhole" all infected computers both within and outside of its system. Blackholed computers are locked out of DSL's network. Customers who are infected are blocked from accessing the network, and their access password is changed. They have to call technical support to reinstate their account.

Some service providers, such as Time Warner's Road Runner, said that they currently have no plans to cut service but are instead screening their networks to locate infected and vulnerable computers, and advising those users how to patch their systems.

Jeff King, a technical support manager at Road Runner, said that during the Code Red outbreak Road Runner worked to educate consumers through e-mails, phone calls, and -- when all else failed -- direct contact.

Earthlink and AT&T's Internet service division did not reply to requests asking if the companies planned any action.

Every ISP that has taken action said reaction from their customers has been supportive. Some customers even expressed the wish that their ISPs would do more to combat worms and viruses.

"I'm all for cutting service to idiots," said Keith Little, a Road Runner customer. "Road Runner has sent out e-mails advising customers to patch their machines. Overall, the service has been great, but when Code Red hit there was a definite degradation of the e-mail service. In some cases over the summer, my e-mail took more than an hour to reach its destination."
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:47 PDT