
Welcome to IWETHEY!

New So I'm building some servers today
Win 2000 advanced server. Starting from scratch with freshly formatted drives (SCSI RAID 5). Three servers to build so I figure to use three copies of install CDs. 2 of them, of course, turn out bad and I have to reinstall from the one good one. One system actually has one of its network cards fail during the install. Get the networking piece finished and join the hardware to the domain. I am doing them concurrently and by the time I get antivirus installed on the first one all three servers are infected by the nachi variant of blaster.

In the time it takes to install the service packs, rollup patches and antivirus I need to protect the systems from known viruses, I get hit by a known virus.

Turns a 3-4 hour job into an all day affair and I still have some config to finish up. Not to mention tracking down just who the fsck is still infected on our network that led to this. Now I have to burn CDs with said patches etc. 'cause I'm not building anymore while on the network with a connection to my utility server where all these things are so conveniently accessible.

Today has been a day of many curses. Mostly of the variety, "fscking microsoft", "fsck me", "are you fscking kidding me?" and the like.
-----------------------------------------
It is much harder to be a liberal than a conservative. Why?
Because it is easier to give someone the finger than it is to give them a helping hand.
Mike Royko
New What a nightmare. :-(
But it's all too common, and something that will only get worse, I fear.

Best of luck.

Cheers,
Scott.
New Why is nachi in the building at all?
You need to answer that question. Port 135 inbound should have been blocked.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Firewall won't stop it, port 135 blocked or not.
Many companies have been hit hard from behind the firewall as executives and sales guys brought in their notebooks and plugged them into the company network.

Telling executives and sales guys not to do that is an exercise in futility - they know it's not a problem - it's your fault and you should get it fixed.
[link|http://www.aaxnet.com|AAx]
New I know that.
The question was a nice way of saying, "Which idiot plugged into your LAN without asking?"


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Most likely it was a VPN user
I also have my suspicions about some of the systems with Virtual PC. The virtual systems don't get used too often and may not have been patched with all the others.
-----------------------------------------
It is much harder to be a liberal than a conservative. Why?
Because it is easier to give someone the finger than it is to give them a helping hand.
Mike Royko
New VPN, RAS also a prob.
Our guys shut down 135 in time, but apparently forgot about the VPN and the RAS box. Oops.
-----
Steve
New That's potentially a no-win situation.
...if your RAS box is NT4; the patch initially broke RAS on NT4.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New It may be
I don't know, though. I stay outta the server room. I get to work on the UNIX box so it doesn't bother me much :D I just snicker at all the stories I hear over the cubicle walls.
-----
Steve
New About Executives
Well, in our company, we have a strict policy of "no plugging in until IT has been and visited your laptop and given you the thumbs-up", and we've had this policy approved from the highest level downward.

Which is just as well; we take a copy of our latest AV software and virus definitions, install it (if it's an "alien" computer) and then scan it. We've seen Nimda, Code Red, The Klez, BugBear and so on; we've seen laptops with three different versions of antivirus software installed at the same time, all out of date and non-functional; the list goes on. [edit: Not laptops that are part of our herd, I hasten to add; these were visitors]

What enabled us to take this idea to management was the fact that we got hit by Nimda. It clobbered an intranet web server before the virus definitions were out. We were offline for 1.5 days. Management doesn't understand "Viruses are bad" but it does understand "150 man-days lost".


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
Edited by pwhysall Sept. 5, 2003, 03:11:41 AM EDT
New No msg, but LOVE YOUR SIG!!!
lincoln
"Windows XP has so many holes in its security that any reasonable user will conclude it was designed by the same German officer who created the prison compound in "Hogan's Heroes." - Andy Ihnatko, Chicago Sun-Times
[link|http://users3.ev1.net/~bconnors/resume.htm|VB/SQL resume]
[link|http://users3.ev1.net/~bconnors/tandem_resume.htm|Tandem resume]
[link|mailto:bconnors@ev1.net|contact me]
New Re: So I'm building some servers today
guess you installed s/w in wrong order
moral of story is don't go online w/o protection

A

Play I Some Music w/ Papa Andy
Saturday 8 PM - 11 PM ET
All Night Rewind 11 PM - 5 PM
Reggae, African and Caribbean Music
[link|http://wxxe.org|Tune In]
New Reread his description
Installed base, connected to get updates and got infected.... How is this "s/w installed in wrong order"?
New Re: Reread his description
as I recall from setting up W2K server and advanced server
after you install the OS you do not have to proceed to the network setup or go online for updates
you can postpone configuring the server and install whatever s/w you need to and then configure the server
Play I Some Music w/ Papa Andy
Saturday 8 PM - 11 PM ET
All Night Rewind 11 PM - 5 PM
Reggae, African and Caribbean Music
[link|http://wxxe.org|Tune In]
New Bingo
You have just described all of my future installs.
-----------------------------------------
It is much harder to be a liberal than a conservative. Why?
Because it is easier to give someone the finger than it is to give them a helping hand.
Mike Royko
New Build slipstream CDs.
[link|http://zarquon.arsware.org/slipstream.html|http://zarquon.arswa...g/slipstream.html]

Yeah, I know it's a hack. I do it anyways.
In that final hour, when each breath is a struggle to take, and you are looking back over your life's accomplishments, which memories would you treasure? The empires you built, or the joy you spread to others?

Therein lies the true measure of a man.
New Thanks
This'll come in handy.
-----------------------------------------
It is much harder to be a liberal than a conservative. Why?
Because it is easier to give someone the finger than it is to give them a helping hand.
Mike Royko
New One of our clients got thrown off the 'net.
Their DSL line was not responding and we weren't sure they knew, since we support their install of our software across the Internet, so we rang them. To cut a long story short, their ISP had disabled their account because an infected PC on their site was spewing forth out to the Internet.

Wasn't the first time it's happened, incidentally. The ISP normally rings them and tells them what they've done. The message probably got lost in the office this time (they're a school).

Would that more ISPs would do this - especially to home users. Would make them sit up and take notice about the problem.

Wade.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.

New IFS!
That's Internet Face Stab for the uninitiated.
DSL line
Someone tell me again, what does DSL stand for?
===

Implicitly condoning stupidity since 2001.
New Kinda like 'VIN number'
Cordially brought to you by the Department of Redundancy Department.
-----
Steve
New [sarcasm] Thanks... [/sarcasm]

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.

     So I'm building some servers today - (Silverlock) - (20)
         What a nightmare. :-( - (Another Scott)
         Why is nachi in the building at all? - (pwhysall) - (7)
             Firewall won't stop it, port 135 blocked or not. - (Andrew Grygus) - (6)
                 I know that. - (pwhysall) - (1)
                     Most likely it was a VPN user - (Silverlock)
                 VPN, RAS also a prob. - (Steve Lowe) - (2)
                     That's potentially a no-win situation. - (pwhysall) - (1)
                         It may be - (Steve Lowe)
                 About Executives - (pwhysall)
         No msg, but LOVE YOUR SIG!!! -NT - (lincoln)
         Re: So I'm building some servers today - (andread) - (3)
             Reread his description - (jbrabeck) - (2)
                 Re: Reread his description - (andread) - (1)
                     Bingo - (Silverlock)
         Build slipstream CDs. - (inthane-chan) - (1)
             Thanks - (Silverlock)
         One of our clients got thrown off the 'net. - (static) - (3)
             IFS! - (drewk) - (2)
                 Kinda like 'VIN number' - (Steve Lowe)
                 [sarcasm] Thanks... [/sarcasm] -NT - (static)
