Sasser remediation tale

Bob Keyes bob at sinister.com
Fri May 7 18:33:40 EDT 2004


Well, this isn't really related to Linux as much as it is a hint for
sysadmins.

At work, one XP user didn't do what he was told and do security updates.
So we had a network outage today, due to his getting infected with Sasser
and overloading the network. The machine (a laptop) was delivered to me,
and of course the first thing I did was take it off the net so it wouldn't
spread, and also so it wouldn't overload the net. But then how to get the
necessary Windows updates? I couldn't use a floppy (even if it would have
fit) or CD-ROM because the system had neither. In a moment of inspiration I
deleted the default route, and added network routes to the class Cs that
the two servers download.microsoft.com and www.microsoft.com are on, and
plugged the machine back into the net. Sure enough, this kept the net from
getting overloaded and while it may have attacked local machines, I had made
sure they were all updated by the time the infected machine was reconnected
so there was no infection worry. In no time the Microsoft Sasser repair
package was downloaded, installed, and then a proper Windows Update was
done, and set to happen automatically.

Just a hint because I know a few of you on this list are in the position
that I am, cleaning up the mess after Microsoft and Sasser.
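The containment routing described in the post, as an added example (not Bob's own script or commands): it collapses the resolved addresses of the two update hosts into their /24 networks and emits the Windows XP route.exe commands that replace the default route with routes to those networks only. The addresses and gateway are constructed placeholders from the RFC 5737 documentation ranges, not the real 2004 Microsoft addresses; it also checks which destinations stay reachable, including the directly connected LAN that no route change can block.

```python
"""Containment routing for a worm-infected host: keep only the update servers
reachable by replacing the default route with /24 ("class C") routes.
Added example; addresses and gateway below are constructed placeholders."""
import ipaddress
from typing import Dict, Iterable, List

# Constructed stand-in for DNS lookups, so the example runs offline.
SAMPLE_RESOLUTION: Dict[str, List[str]] = {
    "download.microsoft.com": ["198.51.100.23", "198.51.100.57", "203.0.113.8"],
    "www.microsoft.com": ["203.0.113.8", "203.0.113.40"],
}
GATEWAY = "192.168.1.1"                       # assumed LAN gateway of the laptop
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed directly connected LAN


def class_c_networks(addresses: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Distinct /24 networks containing the given hosts, sorted for stable output."""
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addresses}
    return sorted(nets)


def containment_routes(resolution: Dict[str, List[str]], gateway: str) -> List[str]:
    """Windows XP route.exe commands: drop the default route, then add one
    network route per allowed /24 via the LAN gateway (non-persistent, so a
    reboot restores normal routing once the host is patched)."""
    all_addrs = [a for addrs in resolution.values() for a in addrs]
    cmds = ["route DELETE 0.0.0.0"]           # no default route: other remote nets unreachable
    for net in class_c_networks(all_addrs):
        cmds.append(f"route ADD {net.network_address} MASK {net.netmask} {gateway}")
    return cmds


def reachable(dst: str, resolution: Dict[str, List[str]],
              local_net: ipaddress.IPv4Network = LOCAL_NET) -> bool:
    """True if the contained host still has a route to dst: an allowed /24 or
    the on-link LAN, which routing cannot cut off (hence the post's remark
    that the local machines had to be patched first)."""
    ip = ipaddress.ip_address(dst)
    all_addrs = [a for addrs in resolution.values() for a in addrs]
    return ip in local_net or any(ip in n for n in class_c_networks(all_addrs))


if __name__ == "__main__":
    for cmd in containment_routes(SAMPLE_RESOLUTION, GATEWAY):
        print(cmd)
    for host in ("203.0.113.40", "192.168.1.77", "192.0.2.10"):
        print(host, "reachable" if reachable(host, SAMPLE_RESOLUTION) else "blocked")
```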
