[iwar] [fc:Infected.DSL.Users.Get.86ed]

From: Fred Cohen (fc@all.net)
Date: 2001-09-21 19:18:52



Infected DSL Users Get 86ed
 By Michelle Delio 

10:40 a.m. Sep. 21, 2001 PDT

Educate yourself about computer security or get the hell off the
Internet is the message that some Internet service providers are
delivering to their customers. 

Frustrated with users who can't or won't configure their computers to
stop the spread of worms and viruses, some broadband access providers
have now decided to cut service to customers whose machines are infected
with worms such as Code Red and Nimda. 

Only computers that run unpatched Windows 2000 and NT operating systems
using Microsoft's IIS Web server software are vulnerable to infection by
Code Red and Nimda.  (Nimda, a worm with multiple infection
capabilities, can also infect computers using the Windows operating
system and Microsoft's Outlook e-mail program or Microsoft's Internet
Explorer Web browsing software.)

Infected computers constantly scan the Internet for other vulnerable
machines to infect.  The continuous scanning creates increased traffic
on a network and impacts all users, even those whose computers are
running systems and software that cannot be infected. 

Some security experts applaud these strict actions by ISPs and hope that
other service providers will also begin locking out infected computers. 

"My network has been hit thousands of times a day with Code Red and now
Nimda scans," said Tony Monty, a systems administrator in London.  "The
patches that close the security holes these worms exploit were released
months ago.  If people haven't applied the patches, they are obviously
clueless.  Denying them access until they fix their system is the only
thing that will get their attention.  I hope U.K.  providers follow suit
soon."

Speakeasy and DSL Inc.  are among the service providers that have
decided to cut access to customers with worm-infested computers. 

Speakeasy's e-mail to its customers read, in part: "Over the last three
months, we have been battling it out with the Code Red worm.  Just as we
were beginning to believe the worst was behind us, we have now learned
that there is yet another hostile bit of rogue data coursing its way
around the Internet.  The effects of this worm are detrimental to all
...  after 9/23/01, Speakeasy's Abuse Team will be freezing the DSL
circuit hooked to any machine infected with the worm. 

"We apologize for the inconvenience of this, but it is imperative that
we ensure our network is not assisting in the propagation of this, or
any, worm.  All of us are part of a larger community, and it really
isn't cool to infect your neighbors."

DSL Inc.  told its customers that the service will "immediately
blackhole" all infected computers both within and outside of its system. 
Blackholed computers are locked out of DSL's network. 

Customers who are infected are blocked from accessing the network, and
their access password is changed.  They have to call technical support
to reinstate their account. 

Some service providers, such as Time Warner's Road Runner, said that
they currently have no plans to cut service but are instead screening
their networks to locate infected and vulnerable computers, and advising
those users how to patch their systems. 

Jeff King, a technical support manager at Road Runner, said that during
the Code Red outbreak Road Runner worked to educate consumers through
e-mails, phone calls, and -- when all else failed -- direct contact. 

Earthlink and AT&T's Internet service division did not reply to
requests asking if the companies planned any action. 

Every ISP that has taken action said reaction from their customers has
been supportive.  Some customers even expressed the wish that their ISPs
would do more to combat worms and viruses. 

"I'm all for cutting service to idiots," said Keith Little, a Road
Runner customer.  "Road Runner has sent out e-mails advising customers
to patch their machines.  Overall, the service has been great, but when
Code Red hit there was a definite degradation of the e-mail service.  In
some cases over the summer, my e-mail took more than an hour to reach
its destination."
