Re: As a CLEC, this is how we have been coping. (on Broadband Crackdown · Score: 1)
On July 31, before the expected new outbreak of CodeRed scans, I used the eEye CodeRed vulnerability scanner on all IPs on my network. I only found half a dozen IIS servers that weren't patched.
I called each customer on the phone. I told each of them that I would scan again around 7pm EDT, and if they hadn't installed the patch from Microsoft by then, I would have no choice but to block port 80 access to their machine.
I scanned again at 7pm EDT. Every machine had been patched.
I never did need to block port 80 access to any customer.
Of course, larger networks would have a hell of a time contacting each customer. I only have a couple of hundred DSL customers, so this wasn't a huge effort.
On the other hand, it's not like we didn't have plenty of warning beforehand. Since July 19, we all should have realized a second round was possible. And frankly, anybody who didn't believe some enterprising soul would create a slightly different, and damaging, worm that exploits the same vulnerability, is burying their head in the sand.
On a side note, there's an ISP in Vancouver whose customers are spewing 700 scans per minute - I called them on the phone, asking them to deal with those customers. I sent them email. They called me back, and assured me I'd see no more scans from their customers.
I had to block port 80 requests from their subnets at my border... and they're still spewing.
The comments have degenerated into a flame war over which is better - Microsoft or Opensource.
That's not really the point.
A great many people use Microsoft products, and the Microsoft website is a wonderful place to get answers to various questions about their products. I find myself having to support various Windows applications (and Windows itself) and since I personally don't get down and dirty with Microsoft products (yeah, I run Win2K, but I don't do much with it besides run a few apps), I have to go to their website to look up answers quite a bit.
I have customers who insist on using FrontPage, for example. Do I just tell them no, you can't use it here, go find another ISP? I know that some of you will say "Yes, you should." But I won't stay in business long if I turn away business just because I don't want to support a pretty popular application.
I needed to get to Microsoft's web site to look up some issues with the FP extensions today. I couldn't get there. Certainly I understood pretty quickly that it was MS's problem, but I didn't know exactly what it was. Mailing list replies with a link to the CNET article were the first real information I saw regarding the reason for the outage.
And certainly it was news of interest, both to me and to my customers. As an ISP, our customers expect us to solve all their problems, and it's actually good to be able to tell them exactly why they can't go download the latest service pack their IT guy said they had to have. I was able to point them to independent sources for the same information, so they didn't think we were "covering up" (which some customers always think when you explain that problems are not related to your own company).
I realize there are people who don't use Microsoft products at all and who have no use for the MS web site. But that doesn't mean the site is useless to everyone!
See this knowledgebase article: http://support.microsoft.com/support/kb/articles/Q190/0/08.ASP
Yeah, the ftp server isn't allowing anonymous logins. So it'll be a while before we even get to see the release notes!