Slashdot Mirror


Noticed Welchia/Nachi in Your Bandwidth Bill, Yet?

Pinkboard Panther asks: "I have recently received my bill for Internet usage for last month and discovered it is 4 times higher than expected. Since there had been no increase in usage of the sites I run, I had to search elsewhere for the exorbitant increase. Eventually I tracked it down to my firewall being bombarded with 20,000 ICMP Echo requests a minute from many different IP addresses. This adds up to $A10 per hour or $A240 a day. I still need to battle with my ISP over whether I should be paying for this. It seems that the Welchia/Nachi worm sends out pings to find what machines are out there before it moves on to deeper probes. I can't believe that I am the only site out there which is being attacked in this way. There must be lots of other sites out there who are affected this way. Maybe they just haven't received their bills yet?"

5 of 94 comments

  1. Use NetFlow to prove it was Nachi traffic. by Mordant · Score: 4, Informative

    See these links for more info.

  2. Yup... more info here by Anonymous Cowdog · Score: 4, Informative

    I've been asking around about this, and it's amazing how many people are just brushing it off as nothing. It is a serious issue for IP addresses that are being hit.

    Here are some more posts on the topic, elsewhere. Note how some people just say "Oh, you are getting hits! Hits are good, no?".

    http://www.webmasterworld.com/forum39/1435.htm

    http://lists.jammed.com/incidents/2003/08/0369.html

    http://www.derkeiler.com/Mailing-Lists/linuxsecurity/2003-08/0002.html

    The blocking rules people suggest (see page five of the first link) don't work at my site, for some reason. Maybe it's because I only have access to .htaccess, not my own httpd.conf.

  3. 20 cents a meg, anyone..? by zcat_NZ · Score: 4, Informative

    Yep, that's what full-rate ADSL customers pay for traffic in New Zealand, once they get past their pitiful 500M monthly allowance.

    "I run linux.. I'm not affected by Windows worms and viruses" - Yeah, you wish..!

    --
    455fe10422ca29c4933f95052b792ab2

  4. Black Ice by Vaevictis666 · Score: 4, Informative

    I don't know if things have changed since I looked at it last, but the latest version of Black Ice Defender was a port monitor, not a firewall.

    The difference is that a real firewall (like Zone Alarm or Sygate (free is down at the bottom)) will block the traffic, prompt you to allow/disallow it, and then follow instructions.

    Black Ice, on the other hand, will simply watch ports, log traffic, and when someone tries to access your RPC port or whatnot, it simply sets a flag "Serious Error - Someone Hacking" and starts blinking in the system tray. No real response, no ability to block it in the future, just simple monitoring.

    In other words, it's a complete waste of CPU cycles from a security standpoint, and if you're using it for traffic monitoring you'd be better served with Ethereal.

  5. Re:Standing class action law suit by Anonvmous Coward · Score: 4, Insightful

    "We were just commenting today on how there should be a standing class action law suit against Microsoft. We could not think of a real reason, but you seem to have one here. The loss of business and revenue, whether from your pocket or your ISP's pocket, multiplied across many ISPs seems like a case to me"

    Ugh. It's funny how morals here perform a complete 180 when there's an opportunity to get Microsoft into trouble.

    Here's the simple fact: Microsoft didn't write the worm.

    Now you can make the argument if you like that Microsoft was negligent. Just remember, that if you follow that logic, then Linux could find itself liable down the road. Some jackass comes up with an exploit, it causes trouble, and the Linux community is punished for it. Do you really want that?

    I have other issues with this line of reasoning. If I walk into a hospital with a cellular phone and intentionally use it to jam equipment there, should Nokia be sued for it? What about the company who made the equipment? Considering that the disruption was caused malisciously (sp?), then the finger needs to be pointed at me.

    I would strongly urge the Slashdot Community to be very careful about what you wish for, especially when it concerns punishment for Microsoft. It's fun to hate them and all, but the consequences they receive could wind up biting you in the butt. Eolas comes to mind...