Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Golden Eagle
"...Going by the large number of IP blocks scanned by the attacking server, it is safe to assume that 'millions' of computers may have been probed for SSH-related weaknesses, he said.

"'The employees that set it up apparently had no idea of security,' Brandon said. 'But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it.'"

It's not "surprising" at all, given my same experience by some server-side/network computers doing the very same thing... The better server admins in some organizations respond with at least acknowledging the problem and then repairing or taking the offending computer offline until repair, but what is ACTUALLY surprising is how many networks do not even seem to care (that they enable zombie computers, which this article describes). Whether they care or not isn't the important thing here, but it is important whether or not they repair the problem. There are so many infected computers that it can be overwhelming to see... well, something like a hit to a website every two minutes for hours on end from state, .gov level IPAs, schools and such. I get the impression that some server admins can't be bothered.

15 posted on 09/29/2005 6:55:35 PM PDT by BIRDS


To: BIRDS

Where I work, EVERYTHING going in and out of the perimeter is carefully monitored, and indexed based on requirement down to the port. Either you do that, and maintain control, or you have no control; there really is no middle ground.


17 posted on 09/29/2005 7:02:47 PM PDT by Golden Eagle

To: BIRDS
"'The employees that set it up apparently had no idea of security,' Brandon said. 'But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it.'"

Quake servers are quite common in internal development organizations. ;-) The trick is to always have a couple of spare "test" machines attached. Getting it exposed to the outside world is the real problem. I've always thought, if you get caught, you deserve to get burned to the fullest extent.

21 posted on 09/29/2005 7:06:11 PM PDT by glorgau



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson