So the Code Red worm has announced its presence and slithered away for another month or so. CNet reports that more than 280,000 web sites were infected (it remains unclear how many web servers were infected).
Code Red and its variants work by exploiting a buffer-overflow error in Microsoft’s Index Server, which is part of the monopolist’s Internet Information Server (IIS) software, allowing the worm to execute code on the server itself. Never mind that Microsoft announced and published a fix for the problem months ago. According to the latest NetCraft survey there are close to 5 million IIS servers worldwide, and assuming that each of the CNet-reported sites resided on its own server (a gross over-estimation), more than 4.5 million IIS servers weren’t infected.
None of this is to say that IIS isn’t crappy software. It is. But it’s easy to install and configure and it allows millions of people to have a voice on the Internet that maybe they otherwise wouldn’t have.
But that’s not what this piece is about.
This piece is about the big story that was missed by everyone from the mainstream media (no surprise there) to the many independent, amateur voices of the blogging community.
Here, in a nutshell, is the big story: Some percentage of more than 3 million households in the United States were adversely affected by the Code Red worm, and the vendor whose equipment was brought down by the attack has done little to nothing to address it. And it went unreported.
According to the New York Times, there are roughly 3 million Digital Subscriber Line (DSL) connections to the Internet in the United States. Most of these connections are serviced by the Cisco 600 series routers. Lots of small businesses (ARTS & FARCES included) depend upon these routers and DSL connections for their Internet connectivity. When these routers are configured with routed netblocks of IP addresses, as would be the case in almost all multiple-computer network configurations, they are susceptible to the Code Red worm.
The Cisco 600 series offers a web interface for partial configuration and some reporting. By default this interface is turned off in the router, but the router still actively listens on port 80, the standard port for web services. As the Code Red worm scans for IIS servers on port 80, it invariably comes across these Cisco routers, which it somehow mistakes for vulnerable IIS servers. Last week our router was falling off the network every few hours as a result of the Code Red worm looking for available IIS servers and thinking it had found one. The only solution was to cycle power to the router every time it locked up.
Cisco claims that it had fixed the vulnerability back in December 2000 when it released a new version of its software for these routers. That claim is false; the routers are clearly susceptible to the Code Red worm.
The fix (thanks to Steve Hallberg at our ISP, visi.com, for the heads up) is to set the web interface port to something other than port 80, even after turning off web access to the device. Nowhere that I could find is this mentioned on Cisco’s web site.
I’d bet good money that more Cisco DSL routers were brought down by the Code Red worm than IIS servers. Yet Microsoft takes the brunt of the infestation reporting even though it had published a fix months ago. Cisco takes no heat even though its equipment remains vulnerable today. Why? I’m not sure but I’m starting to wonder if it’s because we’re too busy attributing monopolistic behavior to Microsoft whenever and wherever possible.
Is Microsoft a monopoly? Yes. That’s already been clearly established.
Did Microsoft use its monopoly to stifle competition? Yes. That’s also been clearly decided.
Oh, and if you had any question about Microsoft’s leadership having drunk too much of the Kool-Aid, take a look at this.
So why aren’t we asking more interesting questions other than the ones to which we already have the answers?
One of the answers to the problem of corporatization of the Internet is the blogging phenomenon. Here’s hoping the bloggers don’t fall prey to the pack mentality of simultaneously following and creating the “big story” like most of the mainstream journalists.