Hi Terry,
Perhaps you're not familiar with Code Red or the HTTP protocol
very well, but your statement makes no sense. Code Red is nothing more
than a malformed HTTP post to a webserver. While Imail is not
vulnerable to the attack itself (it never was to begin with, the attack
was made for IIS), it does start having performance issues when
malformed posts are made to the server.
I'm assuming from your statements that your network is rather
small. Our firewall cuts out 90% of the 'junk' coming into our network,
but with almost 90MBPS of traffic coming in, you'll find an in-depth
inspection of every packet has considerable network performance effects
and there's a line that needs to be drawn on what's rejected.
What I can tell you is that we have several software packages
(Imail, IIS, Apache, statistics software, etc.) that are open on the
internet with NO problems; however, Imail continues to have these issues.
It's black and white that it is a software-related issue.
-Mark
-----Original Message-----
From: Smart Business Lists [mailto:ourlists@;int04.smartbusiness.net]
Sent: Wednesday, October 23, 2002 2:04 PM
To: Mark McDonald
Subject: Re: [IMail Forum] IWEBMSG: 'no action has been taken'
Mark,
Wednesday, October 23, 2002 you wrote:
MM> As I brought out in another Email, in our particular case it's 1
MM> request per 2-3 minutes (I don't consider that NEAR a DOS attack).
MM> The total bandwidth to that machine is relatively low, under 10k/s.
MM> It's not like there's 10MBPS of code-red attacks coming in, then I
MM> might understand where they are coming from.
I don't see what difference the frequency makes.
Now if you think these are originating inside your network then
that's another thing entirely but I thought they were coming in
from the Internet.
If that's the case and if your web mail is on the internet then
you cannot use the application itself to prevent such requests.
IPSWITCH's web server is not vulnerable to Code Red so they've
done their part in that regard.
If you are going to stop the Code Red attacks you have to stop
them above the application.
I understand your frustration but I don't understand at all how
you can blame Ipswitch. Sorry.
Terry Fritts
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/