Rafael 'Dido' Sevilla wrote:
> Absolutely. Code Red targets a buffer overflow vulnerability in
> Microsoft IIS servers. Since you run Apache, it does nothing to you, other
> than annoy your server. Forget about it, unless it REALLY floods
> your logs and DoSes you that way... :)
>
For any network with less than a T1 connection to the Net, even a single
machine infected with Code Red can wreak havoc.

We were complacent at UP Manila, since we thought no one had installed
IIS 4 or 5 on their machines. Then on Aug. 6 xenos told me that data
traffic had started to climb on the outgoing leased line until it had
totally saturated it. The amount of saturation was such that even
incoming mail was being delayed... and of course outgoing mail was backed up.

The culprit turned out to be a single Win2k machine installed with
default settings, which meant, of course, an unpatched IIS server was
running. Win2k installs this and runs this without telling the user.
xenos and I wanted to sledgehammer the machine but instead, he just
unplugged it from the network and switched it off. Bandwidth traffic
dropped dramatically after that. QED.

It pisses me off that the highly publicized solution to Code Red is to
"install a patch" on IIS. The REAL Solution is not to use IIS in the
first place. Use Apache, or better yet, Linux AND Apache.
--
Inocencio Daniel Cortes Maramba, MD |http://upcm.net/%7eidcm/
Assistant Professor, Medical Informatics Unit|"Insert witty saying here"
College of Medicine |[EMAIL PROTECTED]
University of the Philippines Manila |"Dude, that kicks ass!"
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph