From owner-freebsd-security Sun Aug 19 23:47:35 2001
Delivered-To: freebsd-security@freebsd.org
From: "Carroll, D. (Danny)"
Subject: RE: Code Red is from default setup
Date: Mon, 20 Aug 2001 08:50:57 +0200
Message-ID: <98829DC07ECECD47893074C4D525EFC3115625@citsnl007.europe.intranet>
Sender: owner-freebsd-security@FreeBSD.ORG

To clarify...

Index server need NOT be installed or even activated for the vulnerability to exist. The problem is in the library that handles the request to be sent to index server. That means that if you install IIS, you have to patch it.

Also, it's my experience (in The Netherlands anyway) that the ISPs are being quite helpful. Those that have Code Red on their cable web servers might be blocked until the ISP can contact the client but for the most part, they are not blocking port 80. It seems only to be the real big DSL/Cable companies in some countries that are doing it.

-D

-----Original Message-----
From: Jim Durham [mailto:durham@w2xo.pgh.pa.us]
Sent: Sunday, August 19, 2001 6:31 AM
To: freebsd-security@freebsd.org
Subject: Code Red is from default setup

My friends who have to deal with M$ server things tell me that the default setup for Win2k server is that the IIS server is installed. This means that a clueless person installing Win2k server is probably not going to uncheck the little box that says to install it. So, there is this lovely little IIS server sitting there just waiting to be infected by Code Red.

I have tried doing an HTTP connect to perhaps 20 IP addresses collected from "Code Red" attempts on my web server and they *all* report "This page under construction". I believe these are web servers that are running unknown to their owners. If this is the case, then they are *not* going to patch their IIS servers because they probably don't know they have them, and this silliness is going to keep right on going 8-(.

One downside of this is that ISPs are starting to block port 80 in an attempt to kill the bug and those of us who have had the ability to run web service on our home DSL or cable services are probably going to lose that ability.

Thanks, Bill....

-Jim Durham

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
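
The log review mentioned in the quoted message (collecting source addresses from Code Red attempts on a web server), as an added example that is not part of the original messages. It assumes Apache common/combined log format and treats a request for /default.ida followed by a long run of N or X as the worm's signature; the addresses and log lines are constructed.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request" status size
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+')

# Assumed signature: GET /default.ida? followed by 100+ copies of one filler
# byte ('N' for Code Red, 'X' for Code Red II) ahead of the encoded payload.
PROBE = re.compile(r'^GET /default\.ida\?(?P<fill>[NX])(?P=fill){99,}')


def classify(request):
    """Return the filler byte ('N' or 'X') for a Code Red style request, else None."""
    m = PROBE.match(request)
    return m.group("fill") if m else None


def probe_sources(lines):
    """Count Code Red style requests per source host, skipping unparseable lines."""
    hits = Counter()
    for line in lines:
        rec = CLF.match(line)
        if rec and classify(rec.group("request")):
            hits[rec.group("host")] += 1
    return hits


# Constructed sample log: documentation-range addresses, payload omitted.
N_FILL, X_FILL = "N" * 224, "X" * 224
SAMPLE_LOG = [
    f'192.0.2.10 - - [19/Aug/2001:06:12:01 -0400] "GET /default.ida?{N_FILL} HTTP/1.0" 404 276',
    f'192.0.2.10 - - [19/Aug/2001:06:40:17 -0400] "GET /default.ida?{N_FILL} HTTP/1.0" 404 276',
    f'198.51.100.7 - - [19/Aug/2001:07:02:44 -0400] "GET /default.ida?{X_FILL} HTTP/1.0" 404 276',
    '203.0.113.5 - - [19/Aug/2001:07:05:09 -0400] "GET /index.html HTTP/1.0" 200 1432',
    '203.0.113.9 - - [19/Aug/2001:07:09:30 -0400] "GET /default.ida?q=test HTTP/1.0" 404 276',
    'truncated line with no request field',
]

if __name__ == "__main__":
    for host, count in probe_sources(SAMPLE_LOG).most_common():
        print(f"{host}\t{count}")
```

On a server that is not IIS these requests simply return 404, so the per-host counts are a record of which remote machines are infected rather than a sign of local compromise.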