News from PANUG - September 7, 2001 http://panug.org THE OTHER PANUG Two months ago, we contacted the Portland Area .NET User Group about changing their name so it does not conflict with PANUG. They agreed to change their name to avoid the conflict. Apparently, they did not tell Microsoft about this and Microsoft's periodic email announcements still refer to their group as PANUG. We asked them again this morning to take care of this but they'd like to see proof. Apparently, they don't read the Microsoft announcements. If you have a copy of a recent Microsoft email that refers to PANUG, please send a copy of it to: christopher.goldfarb@intel.com CODE RED STATUS/COUNTERMEASURES by Ed Sawicki There has been some reduction in Code Red worm attacks - but just a little. My Apache logs show Code Red attempts at about 20 per day - not much less than two weeks ago. I have only one web server visible to the Internet. If you have more than one, you'll see a correspondingly higher number. At this rate, we'll be living with Code Red for years. Clearly, IIS administrators are not patching their servers. Some programmers have had enough of buggy Microsoft software and irresponsible administrators and have developed countermeasures. The countermeasures are in the form of worms - fighting fire with fire. Some of the worms are designed to do harm - to punish those who aren't patching their servers - while others are designed to patch the infected servers without doing any harm. Der HexXer of Germany developed an anti-Code Red worm called "Code Green". This worm hunts down vulnerable IIS servers and patches them. Markus Kern wrote a similar worm called "CRclean" that does not hunt down infected servers. Rather, it only deals with IIS servers that attempt to infect your server. Most people are critical of those who have developed worms that punish administrators of unpatched servers but seem to accept worms such as CRclean as "good things" since their intention is to fix infected systems. Still, there are those who say they will bring legal action against anyone sending worms to their computers regardless of intention. I imagine these same people would take a very different view if Microsoft developed an anti-Code Red worm. Can you think of reasons why Microsoft should not develop worms to try to clean up the mess that they are responsible for? It's the threat of legal action that will prevent the widespread use of worms designed to clean up Code Red. Since Microsoft is providing no leadership in solving the Code Red problem, it seems that we'll have to rely on the Internet underworld to bring Code Red to an end. FEEDBACK Regarding the PANUG Board's decision to allow unemployed members to attend training courses for a fraction of the normal fee and repaying the balance after they get a job, David Roth writes "My compliments to the Board for coming up with such a generous and far-sighted policy for unemployed members." Regarding the PANUG Board's decision to allow unemployed members to pay the student membership fee, James Harnett writes that this is a decision that should have been made by the entire membership - that the Board should not have voted on this issue. If you have an opinion about this please send your comments to board@panug.org. Regarding the article Forcing A Blue Screen of Death, Paul Rogers writes "HAHAHAHAHA, the mind boggles! Aside from the obvious method, i.e. installing it, by what stretch of the imagination would something like this be left in release code?! and David Jones writes "By the way, there is a registry entry that allows you to do away entirely with BSOD's. You can make them green instead! or RED!" Regarding the Tigard company looking for a CNE to help setup DNS/DNCP on a Netware 5.x server, John Mckean writes "Sure, why hire someone who has actual experience implementing DHCP in a production environment when you can have a CNE :)"