Code Red (II) Question

Don Erickson derick at shark.zeni.net
Wed Aug 8 20:37:07 CDT 2001


In article <6995627CB46CD311BB960008C75690FC16A82B at CTBS_HQ1> you write:
>
>Don,
>
>  You'll probably also want to check to make sure indexing is off in the
>services (IIS is installed and started in W2K Server and higher, not in W2K
>Pro). There are also the little problems you might have with RPC; I don't
>remember what the vulnerabilities are there, but you could certainly find
>out about them from CERT's website.
>
>Personally, if you're already running Apache, you might as well switch over
>to Linux or FreeBSD. You'll get added functionality and security, too!

These quotes can get confusing.  I do run Linux; I was trying to answer
the guy's question as to whether he is vulnerable to the Code Red virus
since he is running Apache on port 80.  To my understanding of the issue
he is, in fact, safe.

Does anyone have a grasp as to how this virus could be taking down routers
or DSL modems?  Certainly the modem cannot act as a host, and the
bandwidth utilized by the scans is trivial by Internet connectivity
standards.  Now, once the DoS attacks start the bandwidth becomes another
issue. Does Code Red II have this DoS "feature" also, or was that unique
to the original virus?

Regards,

-Don
-- 
 .sig lite



