[Am-info] Interesting observation re Nimbda et al

[Paul Rickard]

========== On 2002.07.10 01:39 PM, Geoffrey typed: ============

>This is the biggest problem with these buggers.  They're scanning blocks 
>of IPs.  They're not even looking for registered domains.  I've got two 
>static ips, one is registered to a domain, the other is not.  Both get 
>the same number of hits.

    If you want to attack the most vulnerable things on a network, this 
is the way to do it. Servers and other devices without a domain name are 
probably going to be less protected because their owners expect them to 
be unknown. And if the... virus? (do we call it a virus?) If the thing 
manages to get inside a company's network, which will inherently not have 
registered domains, it's going to just randomly scan IP addresses and 
attack whatever is out there. An XP machine buried deep inside your 
network with IIS installed and turned on by default, for example. This is 
probably why it's still out there - most people serious enough to have a 
server and a domain have probably already patched the sucker up.


======== Paul Rickard, Editor of The Microsoft Boycott Campaign =======
--------------------------------[ Http://www.msboycott.com ]-----------

  "Microsoft is now talking about the digital nervous system. I guess I
   would be nervous if my system was built on their technology, too."
       -Sun Microsystems President Scott McNealy