I am VERY glad to hear that nobody here is recommending running IIS as a "FIX" to code red or any other vulnerability in the iMail Web Service, as John Tolmachoff's email eluded to (below). As an evaluator of this product, it scares me when people start talking about absurd work arounds like this IIS one that was stated. Given the context of the original message thread, I had assumed this "gem" of a fix actually came from IPSwitch.
While there are always Firewalls, Packet QoS Filtering Devices, etc., and I sincerely hope that everyone here runs those devices using best practices and procedures, it does not alleviate a companies responsibility to secure their own products and ensure proper functionality and stability. It's beginning to sound like IPSwitch may have some problems with their Web Server's implementation that needs some attention. While a true DDoS attack can cripple most servers, the one described here was merely Code Red scans at 2-3 minute increments. Yes the server admin in question SHOULD have setup their firewall to address the problem, but clearly if IMail crashes at that low a level of scans, it has some problems that need fixin'. -----Original Message----- From: [EMAIL PROTECTED] [mailto:IMail_Forum-owner@;list.ipswitch.com]On Behalf Of Eric Shanbrom Sent: Wednesday, October 23, 2002 2:56 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] IWEBMSG: 'no action has been taken' I only have a guess as to what MS eventually did. But Code Red slams your box several times a second--not every few minutes --effectively creating a DoS attack. I _think_ that IIS either refuses connections from that IP for a certain period of time or that it just refuses to answer the request. No one here (to my knowledge, and I hope) ever recommended to run IIS to eliminate one of these attacks. These will look like a DoS attack and the only way to eliminate them is to get the IP from the Web Messaging log and then block it at the router or firewall. Eric S ----- Original Message ----- From: "Dave Koontz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 23, 2002 12:20 PM Subject: RE: [IMail Forum] IWEBMSG: 'no action has been taken' > That is even more disturbing, to be forced to run IIS to fix a bug in > iMail??? What if I don't want IIS and it's own security shortcomings on the > mail server? > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:IMail_Forum-owner@;list.ipswitch.com]On Behalf Of John Tolmachoff > Sent: Wednesday, October 23, 2002 11:00 AM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] IWEBMSG: 'no action has been taken' > > > I have seen mention on this forum before of a suggestion to run IIS on port > 80 and set up a .asp page that does a redirect to the off port that you set > for Imail. The thought behind this is IIS is much stronger to handle code > red attacks and such. > > If you search the archives, I am sure you will be able to find it, or > someone might post more information about that redirect. > > John Tolmachoff > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
