Re: [fw-wiz] Request for Information: study of patching a certain IIS-vulnerability

From: Hugh Blandford (hugh_at_island.net.au)
Date: 10/22/03

  • Next message: Ravi Kumar: "[fw-wiz] Multicast Firewall"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 22 Oct 2003 11:13:40 +1000
    
    

    > Date: Mon, 20 Oct 2003 13:56:56 +0300
    > From: Mikael Riska <mikael.riska@hut.fi>
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Request for Information: study of patching a certain
    IIS-vulnerability
    >
    > I remember reading about someone doing a study on a how a certain
    > IIS-patch was installed throughout the world. The study contained
    > information about when server administrators installed a critical
    > IIS-patch. (i.e. spikes immediately when the patch was released and
    > another spike when a worm was developed). Unfortunately I can not
    > remember which IIS-worm it was, and have not been succesful in finding
    > the article from my own fw-wiz archives, so now I am hoping that some of
    > you will recognize and remeber who wrote it, or where it was published.
    >
    >
    >
    > Mikael Riska
    >
    > Laboratory Engineer
    >
    > --
    > Software Business and Engineering Institute tel. +358 9 451 6078
    > P.O. Box 9600, FIN-02015 HUT, Finland fax +358 9 451 4958
    > Metsänneidonkuja 10, Espoo mob. +358 40 770 9900

    Hi Mikael,

    I can't tell you whether this is what you are looking for but the Code Red
    worm springs to mind. You can have a look at:

    http://www.caida.org/analysis/security/code-red/

    I just put

    code red analysis

    into Google and came up with quite a lot of info.

    Regards,

    Hugh Blandford

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Ravi Kumar: "[fw-wiz] Multicast Firewall"