[70165] in North American Network Operators' Group
Re: Worms versus Bots
daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Tue May 4 08:21:37 2004
Date: Tue, 4 May 2004 14:19:46 +0200 (CEST)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: "william(at)elan.net" <william@elan.net>
Cc: Sean Donelan <sean@donelan.com>, Rob Thomas <robt@cymru.com>,
NANOG <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.44.0405032029190.21974-100000@sokol.elan.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 3 May 2004, william(at)elan.net wrote:
> Its possible its a problem on dialup, but in our ISP office I setup new
> win2000 servers and first thing I do is download all the patches. I've yet
> to see the server get infected in the 20-30 minutes it takes to finish it
> (Note: I also disable IIS just in case until everything is patched..).
The frequency of scans is such that I'd say you have been lucky.
Some worms also weight scans by IP (ie they can the local /16 more than the
local /8 more than the /0).. in which case if you're a <large ISP> dialup
customer you stand a higher chance of infection
Steve
