[TriLUG] deciphering access logs
Tom Bryan
tbryan at python.net
Thu Jan 3 12:10:58 EST 2002
On Friday 04 January 2002 06:03 am, Brent Verner wrote:
> Not near gone, from my POV. I get about 200 bunk requests from infected
> windows machines every /day/ on my cable connection. The only way it
> will ever be "gone" is if we finally get rid of software from that shining
> beacon of quality and goodness from the north west :-\
>
> On a side note, I wonder if we could all get together and file a class
> action suit against Microsoft for bandwidth consumption due to their
> negligence?
Heh. Apache on my Linux box got hit by the Ramen worm once. If there's a
known exploit and a bug fix available, it's not really the vendor's fault
that you didn't patch it.
I wonder how good the various Linux distributions are at providing a very
light, locked-down, "not a server" option in their installs. If the users
whose boxes are still getting infected with Code Red/Nimda switched to
Linux, they would probably end up running daemons that had known remote
exploits. The only way around this problem is to provide an installation
that opens no ports (except replies to DNS, HTTP, etc.), launches as few
daemons as possible, and doesn't even install things like sendmail and
apache. If a user just wants to browse the web, download files, get on chat
servers, play games, use e-mail, etc., then he really needs a very minimal
OS/software installation...no matter what the OS.
What he really needs is an internet appliance, but I'm not going to start that
discussion now. :)
---Tom