Lowdown doubledealin backstabbin larcenous perverted WORM!
Posted: August 26, 2003, 10:42 am
by masteen
The entire school board got infected by the Nachi worm. It got into the fucking mail server, the network login server (2 discrete machines) and brought our network to its knees.
The truly sad part is that the vscan we're running was perfectly able to detect and remove it. It's just that the dumbasses who work here were too stupid to USE it.
On the plus side, at the moment, I'm one of about 10 users hogging the T for my own purposes! Muahaha!
Posted: August 26, 2003, 11:04 am
by Neost
Awwwww, poor baby...
Talk to me when you have routers all over the US failing due to the icmp flood created by nachi. Talk to me when you have over 22k workstations and desktop services is too stupid to automatically push a patch out. Talk to me when you have VPN/RAS users that use any POS machine they have at home connecting to your network and trying to re-infect everything you just spent a week trying to clean. Talk to me when half of your monitoring systems that rely on pings for basic connectivity testing are worthless because icmp echo/echo-reply is being dropped at every major distribution router in the network. Talk to me when b2b VPN's and GRE tunnels don't work because they use icmp type 3 and type 4 packets to establish connectivity and negotiate MTU size and someone denied ALL icmp packets in firewalls and routers. Talk to me after you've been on a 3 day conference call trying to contain that bullshit.
Anyone caught writing and distributing virii should have their hands shoved up their asses until you can see their fingers wriggling through their eye sockets. Try typing out your code then fucktards.
Posted: August 26, 2003, 11:18 am
by Aabidano
We've got AV on the mail servers and the firewalls\proxy servers, and still got hit, though not badly.
Someone's got scripts running that look for traffic indicating an infection, and shut down the user's port\VPN connection until they call the help desk.
Using non-corporate resources to attach to our network is grounds for termination, and gets enforced.
Posted: August 26, 2003, 11:21 am
by Neost
We only got hit by workstations. All of our windows based servers were patched.
We tried to get the vpn/ras policy changed to only allow company owned assets but then that would mean providing those assets to people. Someone thought it would save some money to allow Paul Pencilpusher to use their own home machine to work from home at night.
And once again, why in the hell could our desktop services group not get that patch pushed out via our software distribution channels? They oughta fire that whole group and start from scratch.
Posted: August 26, 2003, 11:35 am
by Aabidano
Because SMS is such a convoluted PoS, and companies aren't smart enough to realize that you really need someone competent to operate it. It can't be just your average Windoze admin dork. SMS is great if you've got someone really good running it, unfortunately I've only met 3-4 people that fell into that category. Require domain login and force the script on them at connect, it's pretty simple and straightforward.
I've successfully avoided SMS pushes and the subsequent downtime for a couple years now. Of course I'm generally ahead of corporate IT on patches\updates, and screen all my traffic locally.
Posted: August 26, 2003, 1:14 pm
by masteen
The dipshits who did the SMS at my last company were the fucking dumbest motherfuckers. They'd be pushing DATs that were 2 revisions BEHIND what I was already running.
Posted: August 26, 2003, 10:18 pm
by Vaemas
<--- small company employee, virus free! yeah baby!
Posted: August 26, 2003, 11:48 pm
by Bubba Grizz
Neost wrote:Awwwww, poor baby...
Talk to me when you have routers all over the US failing due to the icmp flood created by nachi. Talk to me when you have over 22k workstations and desktop services is too stupid to automatically push a patch out. Talk to me when you have VPN/RAS users that use any POS machine they have at home connecting to your network and trying to re-infect everything you just spent a week trying to clean. Talk to me when half of your monitoring systems that rely on pings for basic connectivity testing are worthless because icmp echo/echo-reply is being dropped at every major distribution router in the network. Talk to me when b2b VPN's and GRE tunnels don't work because they use icmp type 3 and type 4 packets to establish connectivity and negotiate MTU size and someone denied ALL icmp packets in firewalls and routers. Talk to me after you've been on a 3 day conference call trying to contain that bullshit.
Anyone caught writing and distributing virii should have their hands shoved up their asses until you can see their fingers wriggling through their eye sockets. Try typing out your code then fucktards.
Anyone else actually hear the octave in his voice go up gradually? Made me think of Chavez from Young Guns, "AND IT MEANS NOTHING TO ME?"
Posted: August 26, 2003, 11:53 pm
by Lalanae
perververted
Spyware
Posted: August 27, 2003, 12:19 am
by CobsTheWarlord
Just on a note I thought I would tell everyone that you should run a spyware remover. Go to download.com and type in spyware, find a spyware remover and download it.
Spyware tells people when you are online and they try to upload things onto your computer. This is the main way things like the blaster worm which is still going around are put onto your computer. I'm running the scanner right now and I have found over 1,000 spyware components on my computer and it's still climbing.
Posted: August 27, 2003, 12:27 am
by Sargeras
I run Ad-aware every week

Posted: August 27, 2003, 12:28 am
by Canelek
And don't forget ALL the times he sold DOPE disguised as a NUN.
Posted: August 27, 2003, 12:29 am
by Marbus
We blocked it on RAS/VPN and all the servers were patched so we didn't have any problems at all. Neo let me know if you hear of any mgt jobs and maybe I'll come help ya out
Marb
Posted: August 27, 2003, 12:55 am
by Animalor
I'm still in the process of tracking down more people that are infected with Sobig and have people from my office on their mailing lists.
The suckiest part is that sobig infected messages are being picked up by our server-side anti-spam filters and I have 3x more shit to filter through to find potential false positives.
Tracking times between when a message was received and the time it came in on a SMTP log is not a fun task =(
Posted: August 27, 2003, 1:00 am
by Pilsburry
Dude did you think end users would run anti-virus?
They wouldn't even run that if you sent them an e-mail in bold red letters that said "click me".
Trust me I hear techs complain about stuff like that all the time. When I worked in the office it was so small I just did it all myself. "Trust no one" was my motto.
Posted: August 27, 2003, 1:03 am
by Canelek
We have Antigen on our servers, but lots of email spam gets through (with disabled viruses). After 3 hours of playing EQ tonight, I got 100+ messages to the webmaster@valleycrest.com address from some pseudo-antivirus addy... I want to beat them to death with a clawhammer for wasting my time!

Posted: August 27, 2003, 5:24 pm
by masteen
Canelek wrote:And don't forget ALL the times he sold DOPE disguised as a NUN.
I'm just glad SOMEBODY caught the reference.
Posted: August 27, 2003, 6:30 pm
by Krimson Klaw
Bubba Grizz wrote:Neost wrote:Awwwww, poor baby...
Talk to me when you have routers all over the US failing due to the icmp flood created by nachi. Talk to me when you have over 22k workstations and desktop services is too stupid to automatically push a patch out. Talk to me when you have VPN/RAS users that use any POS machine they have at home connecting to your network and trying to re-infect everything you just spent a week trying to clean. Talk to me when half of your monitoring systems that rely on pings for basic connectivity testing are worthless because icmp echo/echo-reply is being dropped at every major distribution router in the network. Talk to me when b2b VPN's and GRE tunnels don't work because they use icmp type 3 and type 4 packets to establish connectivity and negotiate MTU size and someone denied ALL icmp packets in firewalls and routers. Talk to me after you've been on a 3 day conference call trying to contain that bullshit.
Anyone caught writing and distributing virii should have their hands shoved up their asses until you can see their fingers wriggling through their eye sockets. Try typing out your code then fucktards.
Anyone else actually hear the octave in his voice go up gradually? Made me think of Chavez from Young Guns, "AND IT MEANS NOTHING TO ME?"
ROFL
Posted: August 28, 2003, 2:06 am
by Canelek
masteen wrote:Canelek wrote:And don't forget ALL the times he sold DOPE disguised as a NUN.
I'm just glad SOMEBODY caught the reference.
HANGIN'S TOO GOOD FOR HIM. BURNIN'S TOO GOOD FOR HIM! HE SHOULD BE TORN INTO ITSY PIECES AND BURIED ALIVEEEEEE. I'LL KEEL IMMM RAWR!
Posted: August 28, 2003, 9:09 am
by Akaran_D
The idiots in charge of the WVUP computer labs JUST YESTERDAY lost one entire lab (30? computers) and a partial loss on a second one (another 6).
Would have been different IF they had lost them when the worms really hit. They lost them what.. two? weeks after the instructions on how to prevent them and kill them became mainstream.
Farking idiots.
Posted: August 29, 2003, 8:19 pm
by Neost
They arrested some 18 year old, 6'4" 320 lb asshole in St. Paul, MN and are charging that he is the person who released MSBlaster or Nachi.
If he's the one, I hope they fry his balls on a 2.4 ghz P4 overclocked to the max.