Code Red (II) Question
Brian Densmore
DensmoreB at ctbsonline.com
Wed Aug 8 13:55:01 CDT 2001
> -----Original Message-----
> From: Don Erickson [mailto:derick at shark.zeni.net]
>
> In article <ECELJBEDJNBKJAFCILGJOENBCAAA.sbrendtro at home.com>
> you write:
> >Just a quick question... I am running Apache on Win2000 on
> Port 80. I don't
> >have IIS installed at all. I should be safe, right? I
> wouldn't dare run a
> >Microsoft server on a Microsoft OS... that is just asking
> for trouble :)
>
> I understand that IIS runs by default on Win2000, as many
> configuration
Don,
You'll probably also want to check to make sure indexing is off in the
services (IIS is installed and started in W2K Server and higher, not in W2K
Pro). There is also the little problems you might have with RPC, I don't
remember what the vulnerabilities are there, but you could certainly find
out about them from CERT's website.
Personally, if you're already running Apache, you might as well switch over
to Linux or FreeBSD. You'll get added functionality and security, too!
JMHO,
Brian
More information about the Kclug
mailing list