Xayd
09-22-2001, 06:41 AM
Well well, since we now see finally the virus that will potentially infect all IE users, along with another attack on the internet as a whole as it attempts to infect every IIS server, here's what my disgust with all of this brought to mind...
My site might as well be down, host is getting pounded by it. So far my logs have shown about 200-400 attempts at cmd.exe an hour. Pages of 100k or less take 20 to 30 seconds to load.
Here's my opinion and solution...
All servers should be required to have ident report their OS and in the case of Microsoft, service pack number. Any request to remove an infected machine from an ISP's network due to virus propagation should be required by law to be accommodated by said ISP. If my logs show a machine slamming my server trying to infect me, I should be able to submit said logs to that machine's ISP and demand that they be offline within 12 hours, until they deal with their virus. That machine would not be allowed back online until a remote ident query shows that they're no longer infected, via application of the patch or service pack to fix it. This could be automated with a periodic ident check on all machines on the ISP's network by that ISP, and an ident check at logon for PPP users or at the beginning of the lease for cable users on DHCP.
The real solution is a banning of the sale of any server software by Microsoft, but since that won't happen, I think the idea above is the next best thing. When idiots who run sites on NT 4 and un-patched IIS get their bandwidth taken away from them, they'll learn to deal with their security issues rather quickly I'll bet.
After all, these aren't computer viruses, they're Microsoft viruses. If IIS and IE integration didn't exist, we wouldn't be dealing with this crap.
I'm sure it'll never happen, but I think the above situation is pretty fair in light of what goes on these days.
Xayd