On Wed, 23 Feb 1994 15:38:15 SAT you said: >Is it that simple ? is that only because some students ran some file they >do not know what does it do ? is it only Saudis do that ? What about XMAS >EXEC ? We received alot of it from BITNET, from some nodes there, why you >did not "pull them from your routing tables" ? Given that we have encountered no less than *6* different worms in the last few weeks (ZT EXEC, XMAS EXEC, MADONA MODULE, RAMA EXEC, FACES EXEC, and now EID EXEC), and that for most of these I encountered multiple copies originating at Saudi nodes, I have to conclude that either 1) There is a large problem with Saudi users who write worms. or 2) The Saudi node administrators need to do a *lot* more user education regarding "Dont run things that you don't understand". As another poster also noted, the inability to reach anybody in charge of the affected nodes didn't help matters. And given the situation that most of the core sites are in, I don't think that the frustration being evidenced is all that far out of line. Most of the core nodes are being run on non-dedicated machines, sharing resources with university-critical production work. I don't think that anybody here would disagree with the statement "It is permissible to turn off communications to another site that is causing a technical problem, if said site is unwilling/unable to fix their end". I think that faster and more effective communications in the future would go a *long* way in avoiding major political firefights. Even a simple "We heard about the XYZ BLORGLE worm, and we're cleaning up as fast as we can" would go a long way - at least then we don't have to worry about *more* copies of XYZ BLORGLE coming in as users keep running it... Valdis Kletnieks Computer Systems Engineer Virginia Polytechnic Institute