RE: Increasing ICMP Echo Requests

From: Rob Shein (shoten_at_starpower.net)
Date: 08/24/03

  • Next message: Dowling, Gabrielle: "RE: Sobig.F style email with no attachments"
    To: "'Bruce Martins'" <BMartins@extend.COM>, <Valdis.Kletnieks@vt.edu>
    Date: Sat, 23 Aug 2003 20:58:28 -0400
    
    

    Ok, I have to take exception to some of this. Assuming that the majority of
    SQL servers fall under the purview of security-related staff who subscribe
    to this list (which is relatively insane as an assumption, off the bat,
    considering how many applications use MSDE behind the scenes), I still have
    to take exception. (Which is good, since I'm not sure that the point
    related to any server-based app anyways.)

    1 month is NOT necessarily enough time to test a patch and roll it out.
    Alright, if the patch works, there are no foulups, there is nothing else to
    do, and there is no administrative overhead involved (like change control),
    1 month is plenty of time. But this is not the case on the planet we call
    "Earth." What if there's a mission-critical app that doesn't like the
    patch? (I've seen that a lot of times) What if the change control process
    alone takes two weeks, just to get the go-ahead to do the patch...and then
    you have to wait a week just to get to the green zone when you can
    implement? And what if that green zone has been set aside for other work,
    and you have to wait ANOTHER week on top of that? And let's not forget,
    above all else...the bigger the application, the more overhead in doing
    something like this, and the more bandwidth it will typically have with
    which to attack other systems if a worm gets a foothold. At least that's my
    experience. I've seen mission-critical apps that were poorly written, which
    would fall over if sneezed at, and which therefore had a change control
    process that makes tax law seem like playing tic-tac-toe. And guess what?
    This was sitting on colossal bandwidth in a colocation center. In this
    situation, there were about 5 people who wanted like nobody's business to
    make sure that the system was properly patched, but it was a nightmare
    actually getting it done. So please, if you have some suggestion, something
    constructive to offer, please do bring it forwards; but don't' take this
    "oh,-I'm-sick-of-all--the-people-who-don't-secure-systems-and-are-lazy"
    approach, because it just isn't that simple.

    > -----Original Message-----
    > From: Bruce Martins [mailto:BMartins@extend.COM]
    > Sent: Thursday, August 21, 2003 8:29 AM
    > To: Valdis.Kletnieks@vt.edu
    > Cc: incidents@securityfocus.com
    > Subject: RE: Increasing ICMP Echo Requests
    >
    >
    > Well no I don't expect Joe shmoe to know this, but it's the
    > corporate networks that we are seeing being bogged down, and
    > helping to spread these worms around, how many Joe shmoes
    > have SQL ? Most of what I have said the people that are
    > reading it aren't Joe shmoes. As well win 98 is not affected
    > by the latest major worm and 98 is no longer being sold with
    > new machines XP home is, but this list isn't an out reach to
    > Joe Shmoe and others like him it's to the administrators and
    > advanced users, many of which know what they are doing and
    > still don't patch machines or do what they can to protect
    > themselves and their networks 1 month is more then enough
    > time to test the patch and roll it out to all of the users on
    > their network again my 2 cents as I understand a lot are over
    > worked as it is
    >
    >
    > Bruce Martins
    > Systems Administrator
    > EXTEND>>MEDIA
    > 190 Liberty Street
    > Toronto, Ontario
    > Canada
    > M6K 3L5
    > _______________________
    > e:bmartins@extend.com
    > t: (416) 535-4222 ext. 2307
    > f: (416) 535-1201
    > http://www.extend.com
    >
    >
    > -----Original Message-----
    > From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
    > Sent: Wednesday, August 20, 2003 12:37 AM
    > To: Bruce Martins
    > Cc: incidents@securityfocus.com
    >
    > On Tue, 19 Aug 2003 15:43:29 EDT, Bruce Martins said:
    >
    > > patches it, the real problem is that some people aren't heading the
    > > warnings and patching their machines when a patch is released for a
    > > very serious vulnerability like this one, same thing
    > happened with the
    >
    > > SQL slammer worm, people had more then enough time to test and apply
    > > this patch but didn't but hey just my 2 cents
    >
    > OK.. So this worm does a really nice slash-and-burn if it
    > gets loose on a nice speedy 100mbit corporate network. But
    > that's just where it gets the
    > *initial* burn, it's not where its staying power is going to be...
    >
    > Hmm... How many copies of Win98 and later has MS sold? Hint
    > - a LOT of them aren't corporate, they're being sold to Joe
    > Sixpack on that machine they just bought at Walmart or Circuit City.
    >
    > And remember - Joe Sixpack is still fuzzy on the idea that
    > the Internet and the Web are two different things. Do you
    > *REALLY* expect him to read MS03-026 and understand what it
    > *REALLY* means?
    >
    >
    > --------------------------------------------------------------
    > -------------
    > Attend Black Hat Briefings & Training Federal, September
    > 29-30 (Training),
    > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    > technical IT security event. Modeled after the famous Black
    > Hat event in
    > Las Vegas! 6 tracks, 12 training sessions, top speakers and
    > sponsors.
    > Symantec is the Diamond sponsor. Early-bird registration
    > ends September 6.Visit us: www.blackhat.com
    > --------------------------------------------------------------
    > --------------
    >
    >

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
    ----------------------------------------------------------------------------


  • Next message: Dowling, Gabrielle: "RE: Sobig.F style email with no attachments"

    Relevant Pages