Re: Alert: New Code Red F worming its way through the 'net

From: Randy Hinders (randy@DONET.COM)
Date: 03/11/03

    Date:         Tue, 11 Mar 2003 14:03:11 -0500
    From: Randy Hinders <randy@DONET.COM>


    The best thing an IIS admin can do (other than patching their system) is
    to remove the 'blank' host header. The default settings of IIS 4.0, 5.0
    and 5.1 allow the server to answer to the IP of the local server. If
    they remove the blank host header they are forcing the host header to
    match something listed in IIS.

    After the last Code Red I wrote an article that Brett Hill posted at

    Thanks for the heads up!

    Randy A. Hinders
    MCT (ret.), MCSE, MCP +I & A+
    NT Systems Administrator
    DONet, Inc

    ~~Hoka Hey, Lakotas~~
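
The effect of removing the blank host header, as an added example that is not part of the original message: a simplified Python model of how a site is chosen from bindings written in the IIS `IP:Port:HostHeader` form. The site names, IP address and hostnames are constructed, and the matching rules are a simplification, not IIS's own code.

```python
# Simplified model of site selection from IIS ServerBindings strings
# ("IP:Port:HostHeader"). All site names and addresses are constructed.

def parse_binding(binding):
    """Split 'IP:Port:HostHeader' into (ip, port, host); ip/host may be blank."""
    ip, port, host = binding.split(":", 2)
    return ip, int(port), host.lower()

def blank_host_bindings(sites):
    """Audit helper: return (site, binding) pairs whose host header is blank."""
    return [(name, b) for name, bindings in sites.items()
            for b in bindings if parse_binding(b)[2] == ""]

def select_site(sites, local_ip, port, host_header):
    """Return the site that would answer the request, or None if none match."""
    host = host_header.lower().split(":")[0]   # drop any ':port' suffix
    fallback = None
    for name, bindings in sites.items():
        for b in bindings:
            ip, bport, bhost = parse_binding(b)
            if bport != port or ip not in ("", local_ip):
                continue               # wrong port or bound to another IP
            if bhost == host:
                return name            # exact host header match wins
            if bhost == "" and fallback is None:
                fallback = name        # blank host header answers any Host
    return fallback

SERVER_IP = "192.0.2.10"               # constructed documentation address

# Default-style configuration: one site still has the blank host header.
DEFAULT = {"Default Web Site": [":80:"],
           "Corp Site": [":80:www.example.test"]}

# After the change described in the message: every binding names a host.
HARDENED = {"Default Web Site": [":80:default.example.test"],
            "Corp Site": [":80:www.example.test"]}

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT), ("hardened", HARDENED)):
        print(label, "blank bindings:", blank_host_bindings(cfg))
        for host in (SERVER_IP, "", "www.example.test"):
            print("  Host=%r ->" % host, select_site(cfg, SERVER_IP, 80, host))
```
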
