Re: IIS4 & Code Red?
From: Michael Sheppard (mike@reach.net)
Date: 07/26/01
- In reply to: Dave Loschiavo: "IIS4 & Code Red?"
Message-Id: <200107261817.f6QIHNJ14375@eagle.reach.net>
From: Michael Sheppard <mike@reach.net>
To: focus-ms@securityfocus.com
Subject: Re: IIS4 & Code Red?
Date: Thu, 26 Jul 2001 14:18:58 -0400

I had an IIS 4.0, SP6a, NT4.0 box get sort of hit - every time a PING from an
infected Internet box tried to access the server, the WebService shut down.
I'd restart it, only to have it go down again.
It was frustrating watching it happen, because the only thing I could see
happening at the same time as the server stoppage was an IUSR_computer access
in the Event Viewer.
Then I read the security mailing lists and knew what it was.
I believe the only thing that saved the box was the fact I unmapped the .idq
and .ida ISAPI filters; as well, I run the root drive on NTFS separate from the
web folder.
On July 26, 2001 10:22 am, you wrote:
> Anyone out there actually see (first hand) an IIS4 box that was
> compromised by Code Red? I know it will affect IIS5, and the alerts say it
> affects IIS4 and IIS5, but I'd like to know if anyone actually saw an IIS4
> box get hit.
--