Code Red (II) Question

Don Erickson derick at shark.zeni.net
Thu Aug 9 02:10:52 CDT 2001


In article <003f01c1204e$7e924e60$c6950c0a at uhc.com> you write:
>
>I would guess that there is a vulnerability that "looks like" the IE hole to
>the virus, which either overflows something or lodges unworkable code
>somewhere.

Thanks for the clarification.  Well, I went to CERT and apparently the
Cisco routers that are vulnerable to Code Red are vulnerable specifically
because they run MS IIS.  That's pretty much a no-brainer. 

The Cisco 600 series of DSL Routers simply stop forwarding packets
because, as you surmise, the virus' requests trigger an unrelated
memory overrun vulnerability.  

Personally, I'm surprised that Cisco ships routers running Microsoft Web
servers.  I wonder if that fact was considered a sales point, or was kept
quiet?  

Regards,

-Don
-- 
 .sig lite



