From owner-freebsd-security Sun Aug 19 23:53:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp8.xs4all.nl (smtp8.xs4all.nl [194.109.127.134]) by hub.freebsd.org (Postfix) with ESMTP id 75E8E37B408 for ; Sun, 19 Aug 2001 23:53:36 -0700 (PDT) (envelope-from wkb@freebie.xs4all.nl) Received: from freebie.xs4all.nl (freebie.xs4all.nl [213.84.32.253]) by smtp8.xs4all.nl (8.9.3/8.9.3) with ESMTP id IAA20653; Mon, 20 Aug 2001 08:53:34 +0200 (CEST) Received: (from wkb@localhost) by freebie.xs4all.nl (8.11.4/8.11.4) id f7K6rY417344; Mon, 20 Aug 2001 08:53:34 +0200 (CEST) (envelope-from wkb) Date: Mon, 20 Aug 2001 08:53:33 +0200 From: Wilko Bulte To: "Carroll, D. (Danny)" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Code Red is from default setup Message-ID: <20010820085333.A17285@freebie.xs4all.nl> References: <98829DC07ECECD47893074C4D525EFC3115625@citsnl007.europe.intranet> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <98829DC07ECECD47893074C4D525EFC3115625@citsnl007.europe.intranet>; from Danny.Carroll@mail.ing.nl on Mon, Aug 20, 2001 at 08:50:57AM +0200 X-OS: FreeBSD 4.3-STABLE X-PGP: finger wilko@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Aug 20, 2001 at 08:50:57AM +0200, Carroll, D. (Danny) wrote: This is *FreeBSD* security, not MickeySoft latest bugs.. > To clarify... > > Index server need NOT be installed or even activated for the > vunerability to exist. > The problem is in the library that handles to request to be sent to > index server. > > That means that if you install IIS, you have to patch it. > > Also, it's my experience (in The Netherlands anyway) that the ISP's are > being quite helpful. Those that have Code Red on their cable web > servers might be blocked until the ISP can contact the client but for > the most part, they are not blocking port 80. > > It seems only to be the real big DLS/Cable companies in some countries > that are doing it. > > -D > > -----Original Message----- > From: Jim Durham [mailto:durham@w2xo.pgh.pa.us] > Sent: Sunday, August 19, 2001 6:31 AM > To: freebsd-security@freebsd.org > Subject: Code Red is from default setup > > > My friends who have to deal with M$ server things tell me that the > default > setup for Win2k server is that the IIS server is installed. -- | / o / / _ Arnhem, The Netherlands email: wilko@FreeBSD.org |/|/ / / /( (_) Bulte To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message