|
Sender: |
|
Subject: |
|
From: |
|
Date: |
Wed, 23 Feb 1994 13:02:01 EST |
In-Reply-To: |
|
Organization: |
Virginia Polytechnic Institute |
Reply-To: |
|
On Wed, 23 Feb 1994 15:38:15 SAT you said:
>Is it that simple ? is that only because some students ran some file they
>do not know what does it do ? is it only Saudis do that ? What about XMAS
>EXEC ? We received alot of it from BITNET, from some nodes there, why you
>did not "pull them from your routing tables" ?
Given that we have encountered no less than *6* different worms in the
last few weeks (ZT EXEC, XMAS EXEC, MADONA MODULE, RAMA EXEC, FACES
EXEC, and now EID EXEC), and that for most of these I encountered
multiple copies originating at Saudi nodes, I have to conclude that
either
1) There is a large problem with Saudi users who write worms.
or
2) The Saudi node administrators need to do a *lot* more user education
regarding "Dont run things that you don't understand".
As another poster also noted, the inability to reach anybody in charge
of the affected nodes didn't help matters. And given the situation that
most of the core sites are in, I don't think that the frustration being
evidenced is all that far out of line. Most of the core nodes are being
run on non-dedicated machines, sharing resources with
university-critical production work. I don't think that anybody here
would disagree with the statement "It is permissible to turn off
communications to another site that is causing a technical problem, if
said site is unwilling/unable to fix their end".
I think that faster and more effective communications in the future
would go a *long* way in avoiding major political firefights. Even a
simple "We heard about the XYZ BLORGLE worm, and we're cleaning up as
fast as we can" would go a long way - at least then we don't have to
worry about *more* copies of XYZ BLORGLE coming in as users keep running
it...
Valdis Kletnieks
Computer Systems Engineer
Virginia Polytechnic Institute
|
|
|