On Sat, 21 Jul 2001, Mitch Halmu wrote:
On Sat, 21 Jul 2001, Jason A. Mills wrote:
I'm not sure I see why a POTS PPP link, or some other slow(er) on demand link might stop CodeRed. The first-pass payload is under 4096 bytes including framing, not exactly something you need a lot of low-latency bandwidth to push through. :-/
The problem I described is that the Windows machines in question are not necessarily dedicated web servers, but can be regular dial-in users. Normally, such users don't run a web server over dial-up, yet they seem to be vulnerable if the attack occurs while they're connected. No relation to the connection bandwidth was implied.
Have you port scanned said users? You might be suprised how many dialup users are running httpd. And smtpd. And pop3d. And named. And, of course, an IRC bot...all usually on their windoze machines, because, like, they're really advanced users, see? Hint: These are often the same users you have to nag about continuous connections. James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am =========================================================================