When companies do stuff like this its because they dont have people smart enough to know how to correctly deal with the problem. Hell, write an in-line packet analyzer and stick it between your internet router and DMZ router. Have it search the data portion of packets for the string "default.ida" and if it sees it block the packet. This is cake to do and will stop the virus cold in its tracks leaving all other traffic unaffected. I cant stand incomptetant companies and the moron employees they hire like Qwaste/MSN/whatever the hell you are this week companies. </vent> At 01:58 PM 9/2/01 -0500, you wrote: >Well here's what I got back from AT&T Broadband Mediaone Roadrunner >@Home whatever the hell they are now about unblocking port 80. > >And is it just me or since merging with MSN has Qwest gotten rid of >'select' DSL? Sigh. Fck you AT&T, and please eat a bag of death, Qwest... > >-------- Original Message -------- >Subject: Re: Re: Fwd: Re: Other-r (KMM3274328V10230L0KM) >Date: Thu, 30 Aug 2001 16:57:45 -0600 >From: AT&T Broadband Internet Customer Care ><rrcustomer.care at broadband.att.com> >Reply-To: AT&T Broadband Internet Customer Care ><rrcustomer.care at broadband.att.com> >To: Callum Lerwick <seg at haxxed.com> > >Dear Callum, > >Thank you for writing AT&T Broadband. >We apologize for the information that you received incorrectly. > >Customer service agents have no control over filtered ports. >That is a job that our network engineers get paid to do. > >On an individual basis, we can appreciate your expertise >regarding Code Red, and how it effects our network. > >Unfortunately, the threat is network wide, and the steps >we have taken are meant to provide the highest level >of security to all our customers. > >One result of this port filtering is that people who >are running servers out of their home networks will >no longer be able to obtain bandwidth that they don't >pay for. > >Anyone found running a server using our service, is in >direct contravention of our service agreement, and is to >be reported to our security people. > >Hopefully, this is not your situation. > >Until the threat from Code Red diminishes, we will continue >to filter ports in an effort to provide security to all >our customers. > >We hope that this has answered your question. > >Please write again with any of your concerns. > > > >Sincerely, > >Daniel M-w >AT&T Broadband Online Customer Support Center > >Original Message Follows: >------------------------ > >> To unblock ports 137-139, you must write to netbios at mediaone.net. We > >> unforutnately are not unblocking port 80 until the virus has cleared. > >> We apologize for the inconvenience this may cause you. If you insist > >> that there is a way to do this, please phone the person in which told > >> you of this. > >Well I didn't get the name of who I spoke to. But is there any way I can > >possibly convince you guys to unblock port 80 on me? I am well aware of >what codered is, how it works, and how it spreads. I have participated >in code red reverse engineering efforts. I am also quite certain I am >not vulnerable to code red, as I am not running IIS, it is a Linux based > >computer now handling the 'net connection here, and all windows machines > >are firewalled behind it. > >If you will not unblock port 80, I will just have to move to a service >who will. DSL is looking better and better, especially after AT&T has >come along and jacked the prices up on all cable services around here. > >_______________________________________________ >tclug-list mailing list >tclug-list at mn-linux.org >https://mailman.mn-linux.org/mailman/listinfo/tclug-list >