Re: Microsoft's Early Xmas Present.

From: John Sage (
Date: 01/03/02

Date: Thu, 03 Jan 2002 09:01:14 -0800
From: John Sage <>
To: Steve Stearns <>


> Another issue to consider is those people who are on dialup accounts.
> If there's a number of patches that are going to take hours to download
> and I need to get work done right now, that "feature" becomes a big
> problem. This creates user antipathy for security which is the last
> thing you want.
> ---Steve

The issue of dialups as an underlying base of infected, unpatched hosts
is underappreciated, IMHO..

As an examle of the scope of the problem, at home I'm on a dialup to
AT&T through their Seattle WA pop, with a dynamic IP in the 12.82.x.x
range of AT&T's 12.x.x.x class A.

I see 40 to 120 CodeRed/Nimda probes to tcp:80 *every* day, week in,
week out, from AT&T dialup, DSL and now AT&T Broadband Internet cable
clients switched over from the defunct Excite@Home cable network.

I have repeatedly notified with snort logs for almost two
months, now, have received nothing but a generic response that really
relates more to spam than anything, and have seen little-to-no reduction
in the volume of this sort of thing.

These are home users, SOHO users, and small businesses with no IT staff
to speak of, all unpatched and infected, and all a potential source of
CodeRed/Nimda infection to new boxes coming on line after the Christmas
purchasing season.

- John

Computers: they're really nothing but l's and O's

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see:

Relevant Pages

  • Re: Half-Life 2: Aftermath
    ... I use the Net so little that I have dialup. ... to use Steam is an infection because I don't want to spend several hrs ... they don't have networking at all on their game PCs. ...
  • Re: XP Firewall on Modem Connection for PC Anywhere?
    ... >>is no danger of infection. ... even on a dialup. ... Now, wether a worm ... then ping the machines IP or dump the name table. ...