Re: Re: New Virus -NIMBDA

From: Andy Levy (andylevy@yahoo.com)
Date: Wed Sep 19 2001 - 23:20:10 EDT


Don't know if you did this or not, but next time one like this hits, just
unplug as many boxes from the network as possible as fast as you can.
Don't even bother shutting down the network interfaces "gracefully" via the
software, just pull the plug. We started doing this on our suspected
infected servers and I think it slowed the spread a LOT.

Shane Moseley wrote:

> I hear ya. I think I'm going to slide my Solaris 8 hard drive back into my
> laptop. Today at work I spent 13 hours at a banking customer's regional
> 'main' cleaning servers by hand because their LAN and WAN were eat up
> w/it. Some machines had 2000+ infected files. Machines were being attacked
> faster than they could be cleaned. Machines in the same room were attacking
> each other. All Win2000 and NT.
>
> Just think - when microsuck takes over the world, even Daks will be
> powered by their os. An embedded real-time version similar to WinCE. The
> first Dak virus is probably being conceived as I write this.
>
> Sweet dreams,
>
> Shane
>
> ateeling@workstationusers.com wrote:
>
>> It's times like these that I really love the fact that I run linux. The
>> only way this affects me is the probs from those windoze boxes trying
>> to infect me. Haha keep trying.
>> adam
>> "in a world without fences, who needs GATES."
>>
>> Andy Levy wrote:
>> >
>> > We shut our links down too. But too late - it was one of our
>> > "reaction" steps after learning we got slammed by it.
>> >
>> > This thing attempts to exploit SIXTEEN vulnerabilities in various
>> > software that could be installed on an NT/2000 box, including stuff
>> > related to the Code Red worms. As I speak, some of my co-workers are
>> > rebuilding 13 servers. I lead a crew checking over 60 desktops in the
>> > span of about 2 hours. Fortunately, all those checked out clean.
>> >
>> > I don't think we know how we got hit just yet. We have so many people
>> > getting into our network from remote (other companies we've acquired,
>> > field agents, etc.) we may never really know.
>> >
>> > Ronald Wong wrote:
>> >
>
> --
> '96 IndyRam-HisIndy-MPI TB Pulleys RTcam MPComp HVoilpump
> DynaGearDoubleRoller WindageTray CompTAs
> '96 IndyRam-HerIndy-numbered(#142)"Track Truck"
> '74 Triple-Black Dodge Challenger Rallye 360 EFI R&D vehicle
> '93 Dakota LE CC 318 - newest acquisition
>
>
>

-- 
-andy
andylevy@yahoo.com
Maintainer, DML FAQ - http://www.dakota-truck.net/faq/
http://home.twcny.rr.com/andylevy/dakota/
'99 CC 4x4 318 auto


