Re: Blackice missing Code Red?

From: herauth (info.box@home.nl)
Date: 07/22/02 

From: "herauth" <info.box@home.nl>
Date: Mon, 22 Jul 2002 11:22:36 +0200

Hi,

As soon as i installed my Webserver i received like those menioned incomming
trafic. And that from different ip's.
I kept a log and list and verified if their actions could effect in some
breach. But they seem to miss any coherency whatsoever. Hence, they do not
get in.
My firewall cannot block this, since they are 'valid' HTTP requests.

Sincerely,

Herauth

"Paul Hutchings" <paul.hutchings@gmx.netNOSPAM> wrote in message
news:Xns92529CEA7647Epaulhutchingsgmxnet@216.168.3.40...
> "karl [x y]" <jamescagney90210@excite.com> wrote in
> news:OHODfAMMCHA.1576@cpimsnntpa03:
>
> > See the previous post titled "black ice vs. sygate." I don't believe
> > you need to open port 80 for blackice, and I think this could possibly
> > be the problem. I definitely recommend installing URLscan which comes
> > with the free IISlockdown tool from www.microsoft.com/security [in
> > addition to BID]. [also check out and follow the securing windows and
> > IIS checklists there if you haven't already].
>
> Well, without opening port 80 in BID no-one can get to my port 80. On the
> real machines I'd have urlscan installed, the idea is that something like
> BID might have given a bit better idea of the dodgy URLs people were
trying
> that URLScan may not have known about, without me having to pick through
> the IIS logfiles.
>
>
> --
> Paul Hutchings
> ****Remove NOSPAM when replying****

Relevant Pages