Re: An extra line of defense for you IIS-types

Tue, 14 Aug 2001 10:34:11 -0700 

Has anyone else tried this?  What's the potential downside?   I tried in on
several machines and the log entries for Code Red attempts went from about 1
per minute down to zero.

tom
www.basic-ultradev.com

"Rick Osborne [Mojo]" <[EMAIL PROTECTED]> wrote in message
000101c12414$39519bc0$[EMAIL PROTECTED]">news:000101c12414$39519bc0$[EMAIL PROTECTED]...
> Rick OsborneI realize this is a bit off-topic, but ...
>
> I spent a few hours last week going through logs in an attempt to analyze
> how much we were affected by Code Red, even though we were never actually
> vulnerable.  (We have a guy here who is a patch zealot.)  I was just
curious
> to see how many times we'd been hit, etc.  I couldn't find a single
attempt
> in any of our log files.  I thought this odd until I remembered that Code
> Red, and most automated exploit tools like it, connects to the IP address
of
> the machine, not the host name.  That is, they don't provide a Host
header,
> so IIS simply returns the "no web site configured for this address" error.
> All of our sites are virtual and therefore require Host headers.  One of
the
> items on our checklist for setting up servers is to disable/delete (good
> luck, it keeps coming back) the Default Web Site and make sure that you
> *cannot* access the site via an IP.  It was just paranoia a few years ago
> when we started doing it, but I'm beginning to think it might actually be
A
> Good Practice now.
>
> Yes, yes, I know the argument against it: if your DNS goes toasty how do
you
> access the site (use your local host config into fooling your browser into
> thinking it went through DNS) and what about ancient browsers that don't
use
> Host headers?  I don't have an answer for that second one ... our
WebTrends
> reports tell us that non-4.0+ browsers account for a fraction of a percent
> of traffic on our sites, so we can get away with it.  YMMV.
>
> Just food for thought.
>
> --
> Rick Osborne




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to