Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Aug 2001 08:50:57 +0200
From:      "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
To:        <freebsd-security@freebsd.org>
Subject:   RE: Code Red is from default setup
Message-ID:  <98829DC07ECECD47893074C4D525EFC3115625@citsnl007.europe.intranet>

next in thread | raw e-mail | index | archive | help
To clarify...

Index server need NOT be installed or even activated for the
vunerability to exist.
The problem is in the library that handles to request to be sent to
index server.

That means that if you install IIS, you have to patch it.

Also, it's my experience (in The Netherlands anyway) that the ISP's are
being quite helpful.  Those that have Code Red on their cable web
servers might be blocked until the ISP can contact the client but for
the most part, they are not blocking port 80.

It seems only to be the real big DLS/Cable companies in some countries
that are doing it.

-D

-----Original Message-----
From: Jim Durham [mailto:durham@w2xo.pgh.pa.us]
Sent: Sunday, August 19, 2001 6:31 AM
To: freebsd-security@freebsd.org
Subject: Code Red is from default setup


My friends who have to deal with M$ server things tell me that the
default
setup for Win2k server is that the IIS server is installed.

This means that a clueless person installing Win2k server is probably
not going to uncheck the little box that says to install it. So, there
is this lovely little IIS server sitting there just waiting to be
infrected by Code Red.

I have tried doing an HTTP connect to perhaps 20 IP addresses collected
from "Code Red" attempts on my web server and they *all* report "This
page
under construction". I believe these are web servers that are running
unknown to their owners.

If this is the case, then they are *not* going to patch their IIS
servers
because they probably don't know they have them, and this silliness is
going to keep right on going 8-(.

One downside of this is that ISPs are starting to block port 80 in an
attempt to kill the bug and those of us who have had the ability to
run web service on our home DSL or cable services are probably going to
lose that ability.

Thanks, Bill....

-Jim Durham



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
-----------------------------------------------------------------=0A=
ATTENTION:=0A=
The information in this electronic mail message is private and=0A=
confidential, and only intended for the addressee. Should you=0A=
receive this message by mistake, you are hereby notified that=0A=
any disclosure, reproduction, distribution or use of this=0A=
message is strictly prohibited. Please inform the sender by=0A=
reply transmission and delete the message without copying or=0A=
opening it.=0A=
=0A=
Messages and attachments are scanned for all viruses known.=0A=
If this message contains password-protected attachments, the=0A=
files have NOT been scanned for viruses by the ING mail domain.=0A=
Always scan attachments before opening them.=0A=
-----------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?98829DC07ECECD47893074C4D525EFC3115625>