Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What could have been done differently?

  • From: Mike Lewinski
  • Date: Tue Jan 28 23:29:15 2003



On Tue, 28 Jan 2003, Andy Putnins wrote:

> This is therefore a request for all of those who possess this "clue" to
> write down their wisdom and share it with the rest of us

I can't tell you what clue is, but I know when I don't see it. In some
cases our clients have had Code Red, Nimda, and Sapphire hit the same
friggin machines.

To borrow from the exploding car analogy, if you're the highway dept. and
you notice that only *some* people's cars seem to explode, maybe you build
the equivalent of an HOV lane with concrete dividers, and funnel them all
into it, so at least they don't blow up the more conscientious
drivers/mechanics in the next lane over.

Providers who were negatively affected might want to look at their lists,
compare with past incident lists and schedule a maintenance window to
aggregate the repeat offenders ports where feasible, to isolate impact of
the next worm.

We've tried to share clue with clients via security announcements,
encouraging everyone to get on their vendors' security lists, follow
BUGTRAQ, and provide relevant signup URLs.

Mike








Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.