Code Red III
drcrja was the first to send us this brief bit about Code Red III, which is apparently faster and more vicious than its entertaining predecessors. I'm still wondering what I should do with the hundreds of IPs in my desktop's Apache log trying hopelessly to overflow my buffer.
Oops... it seems that an MCSE (obviously running IIS) has modded me down... I guess I'll have to send a retraction to all the MCSEs on our help desk (1st tier), too...
If you make default.ida a php based file, why wouldn't a redirect server side work?
Because then it's the server getting the page, not the browser. If you're after ad revenue, then the ad company is sure going to check where that traffic is coming from.
Admittedly, MS shipped a flawed product (IIS), and shipped it to users who have no idea that the product is even running on their box. Bad MS! Bad!
Admittedly, most computer owners are idiots (assuming that computer users are evenly distributed throughout the population, which mostly consists of idiots) and don't patch their machines regularly, or at all. Bad user! Bad!
However, it is counter-productive to bash MS for this, because they released a patch some time ago, and what else can they do? It is counterproductive to bash the users, because most of them don't know how to install a patch, or even what a patch is, and have no source of information to help them out (and even if MS mailed out information, how many of these users could and would understand and follow it? They need someone who knows what they are doing to help them, and they don't know that they need that help).
The only place that this worm can be stopped is at the network level. ISPs need to block not inbound port 80, but outbound port 80 from machines on their network known to be infected. Better yet, redirect all outbound port 80 from known-infected sites to a web page at the ISP which explains the problem and how to fix it, and what number to call for more help and to get your web access turned back on. DO NOT use this to get a fix on who's running servers on your network that you need to punish, or people will stop calling you for help! This cuts the spread of the worm immediately, because an infected machine can no longer spread past the first router it comes to. It also gradually cleans up the problem at the source, and eventually most of the infected machines wouldn't be. Those machines not fixed would at least not be able to spread the infection, because the pathway would be closed. If this were done at each level of the network, the worst case would be a machine that could get out to the backbones because of sloppy admins at the ISP, but then would be caught and blocked by the backbones.
The whole idea is to fix the problem, rather than bitching about who should not have let it happen in the first place.
-jeff
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
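jeff's proposal above is a network-level block keyed on a list of known-infected hosts, and the story submitter already has the raw material for such a list sitting in an Apache log. The following is an added example, not code from the thread or from any of its participants: it pulls the probing source IPs out of constructed Apache log lines and emits the iptables DNAT rules that would send those hosts' outbound port 80 to an ISP explanation page instead of the Internet. The probe signature it matches is the default.ida request used by Code Red I (a run of N padding) and Code Red II (X padding) followed by %u-encoded shellcode; whether the variant discussed in this story looks identical is an assumption, as are the sample addresses, the landing-page address 192.0.2.10, and that the ISP edge is a Linux/netfilter box.

```python
"""Added example (not from the original thread).

Step 1, detection: extract source IPs of Code Red style probes from Apache
combined-format access-log lines.
Step 2, mitigation: turn that list into iptables rules that redirect each
infected host's outbound TCP/80 to an explanation page, as proposed above.
The rules are emitted as text for review; nothing here touches a firewall.
"""
import re
from collections import Counter

# Apache combined log: ip ident user [time] "request" status bytes "ref" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)

# Code Red I/II probe: /default.ida? then a long run of N (I) or X (II) that
# overruns the ISAPI buffer, then %u-encoded shellcode. Assumed to also
# cover the variant this story calls Code Red III.
PROBE_RE = re.compile(r'^/default\.ida\?[NX]{100,}%u[0-9a-fA-F]{4}')


def _probe_line(ip, ts, pad):
    """Build one constructed probe line (sample data, not captured traffic)."""
    shellcode = ("%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
                 "%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a")
    return f'{ip} - - [{ts}] "GET /default.ida?{pad}{shellcode} HTTP/1.0" 404 281 "-" "-"'


# Constructed sample log: two infected hosts, one clean client, one junk line.
SAMPLE_LOG = "\n".join([
    _probe_line("203.0.113.7", "04/Aug/2001:10:22:01 -0400", "N" * 224),
    _probe_line("198.51.100.23", "04/Aug/2001:10:22:05 -0400", "X" * 224),
    '192.0.2.44 - - [04/Aug/2001:10:23:17 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [04/Aug/2001:10:23:18 -0400] "GET /default.ida HTTP/1.1" 404 281 "-" "Mozilla/4.0"',
    "this line is garbage and must be skipped",
    _probe_line("203.0.113.7", "04/Aug/2001:10:25:40 -0400", "N" * 224),
])


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_code_red_probe(path):
    """True if the request path carries the default.ida overflow signature."""
    return PROBE_RE.match(path) is not None


def infected_hosts(log_text):
    """Map each source IP that sent at least one probe to its probe count.

    A plain GET /default.ida with no padding is not counted: only the
    overflow attempt identifies an infected host.
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and is_code_red_probe(rec["path"]):
            hits[rec["ip"]] += 1
    return hits


def redirect_rules(hosts, landing_ip, landing_port=80):
    """Emit netfilter NAT rules for the proposal above: for every infected
    source, rewrite outbound TCP/80 to the ISP's explanation page.

    landing_ip is hypothetical. Rules are returned as strings, in sorted
    order, so an operator can review them before applying anything.
    """
    return [
        f"iptables -t nat -A PREROUTING -s {ip} -p tcp --dport 80 "
        f"-j DNAT --to-destination {landing_ip}:{landing_port}"
        for ip in sorted(hosts)
    ]


if __name__ == "__main__":
    hosts = infected_hosts(SAMPLE_LOG)
    for ip, n in hosts.most_common():
        print(f"{ip}\t{n} probe(s)")
    print("\n".join(redirect_rules(hosts, "192.0.2.10")))
```

Two caveats a practitioner would want: a host that probed one web server is only known to be infected from that server's point of view, so an ISP would feed this from its own sensors rather than from one customer's log; and DNAT only delivers the explanation page if the landing server answers plain HTTP for any Host header, since the infected machine's browser will still be asking for whatever site the user typed.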
You suck. Go away. Forever.
Take your so-called sense of humor with you.
BilldaCat