On Sat, Aug 11, 2001 at 07:40:03PM -0700, Timothy Bolz wrote:
>
>Robert at VOS told me The CodeRed is affecting Linux and FreeBSD and some
>other Unixes. I tend not to believe him untill I have some facts. He said I
>haven't done my research. I thought someone on the list would know.
CodeRed attempts to exploit a specific fault of M$ IIS webserver, which does
not run on either of those platforms; it also affects the web-administration
server in some Cisco porducts. We have seen numerous probes against
our Apache servers at efn, none of them resulting in any manner of exploit.
It does "affect" these servers in that the probes uselessly suck up bandwidth,
but it does not provide an attacker with any access he would not otherwise get.
--
Better to teach a man to fish than to give him a fish. And if he can't
be bothered to learn to fish and starves to death, that's a good enough
outcome for me.
-Steve VanDevender, 1 May 2000
