Santa Fe city government computers knocked out by worm

Sean Donelan sean at
Sun Nov 16 22:12:19 UTC 2003

On Sun, 16 Nov 2003, Jamie Reid wrote:
> There was a comment (maybe even mine) in a previous thread
> about accepting a base level of potentially compromised hosts
> on a network, as the costs of rooting out every last one becomes
> unwieldly. Networks are large enough that security must be
> viewed as an economy of controls and risks instead of as a binary
> state of secure or compromised.

If your policy is not to root out every last one, then you need to
beef up your network so a single compromised host doesn't bring down the
whole network.  The Internet is evidence that a network can continue to
operate even with a very large number of compromised machines on a daily
basis. On the other hand, if a single user downloading a music file on
your network can take your entire network off the air for several
days, you may have a problem.

I've often tried to explain that ISPs generally view worms as a "capacity
planning" issue.  Worms change the "eco-system" of the Internet and ISPs
have to adapt.  But ISPs generally can't "fix" the end-users or their

System admins were able to completely eradicate the Morris worm.  But
most modern worms like Nimda, Code Red I/II, Slammer stick around.
Sometimes a new worm like Nachi supplants an older worm like Blaster.
Even if the ISP tries to be the great network firewall, we have mobile
computers with mobile code.  Laptops are too common, connecting to
multiple networks.

More information about the NANOG mailing list