Re: Blackice missing Code Red?

From: karl [x y] (jamescagney90210@excite.com)
Date: 07/21/02

• Next message: karl [x y]: "Re: BlackIce vs Sygate"
• Previous message: Billh: "Re: Sygate & ZA"
• In reply to: Paul Hutchings: "Blackice missing Code Red?"
• Next in thread: Paul Hutchings: "Re: Blackice missing Code Red?"
• Reply: Paul Hutchings: "Re: Blackice missing Code Red?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "karl [x y]" <jamescagney90210@excite.com>
Date: Sun, 21 Jul 2002 10:11:52 -0400

See the previous post titled "black ice vs. sygate." I don't believe you
need to open port 80 for blackice, and I think this could possibly be the
problem. I definitely recommend installing URLscan which comes with the
free IISlockdown tool from www.microsoft.com/security [in addition to BID].
[also check out and follow the securing windows and IIS checklists there if
you haven't already].

"Paul Hutchings" <paul.hutchings@gmx.netNOSPAM> wrote in message
news:Xns92528BDF7C7D7paulhutchingsgmxnet@216.168.3.40...
> Just installed blackice on my home machine as I want to see if and how it
> deals with code red and Nimda requests.
>
> My thinking was as follows:
>
> Install BID 3.5, allow inbound http on port 80 through "Advanced Firewall
> Settings".
>
> Install a basic webserver, in this case AnalogX simpleserver as it's not
> going to be publishing anything other than a default page.
>
> Having done this, I'm visible on port 80 from "The Internet"
>
> So, I thought I'd check for "code red", I remotely went through the
URLScan
> logfiles at work and copied some of the urls, then using the browser on a
> machine at work appended these to my home IP address.
>
> So I goto http://my.home.ip/scripts/root.exe?/c+dir%20/c+dir - I expected
> BID to flag something, but it didn't do anything.
>
> I've checked the manual, and I don't believe I've missed anything obvious,
> so does anyone have an idea what's happening?
>
> rgds
> Paul
> --
> Paul Hutchings
> ****Remove NOSPAM when replying****

---

• Next message: karl [x y]: "Re: BlackIce vs Sygate"
• Previous message: Billh: "Re: Sygate & ZA"
• In reply to: Paul Hutchings: "Blackice missing Code Red?"
• Next in thread: Paul Hutchings: "Re: Blackice missing Code Red?"
• Reply: Paul Hutchings: "Re: Blackice missing Code Red?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Web Server ... An open port cannot be protected by the firewall. ... I do not think BlackIce is holy, ... >> expecting ZA to protect against malicious traffic on port 80. ... (comp.security.firewalls) Re: Web Server ... An open port cannot be protected by the firewall. ... I do not think BlackIce is holy, ... >> expecting ZA to protect against malicious traffic on port 80. ... (comp.security.firewalls) Re: Web Server ... > stealth ports. ... An open port cannot be protected by the firewall. ... Well then shed a light on your Blackice. ... (comp.security.firewalls) Re: Web Server ... > stealth ports. ... An open port cannot be protected by the firewall. ... Well then shed a light on your Blackice. ... (comp.security.firewalls) Editing boot.ini ... I have been having a problem with installing ISS's "BlackICE PC Protector" ... scans the HD every time and sometimes finds corrupted files). ... helpdesk has recommended changing the boot.ini file, ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)