In message <Pine.LNX.4.10.10108100034440.14898-100000@home.highertech.net>, mik e harrison writes:
Spent nearly two days convincing someone who was managing a server that he was beating up machines all over the company. It finally took someone at
Tonight, 20 minutes after openning up port 80 on a firewall to a server supposedly only running the latest CITRIX on Port 80 (why 80? Don't ask me?) and the high paid out of town consultants swearing they had applied the appropriate patches and were safe, they are now broadcasting out the latest CodeRed style worm.
I got some nice sniffit captures from my Linux firewall though.. this morning will be interesting. I wonder how they like their crow served.
I've seen a report that the patch is not fully effective -- see http://archives.neohapsis.com/archives/incidents/2001-08/0218.html. That was on incidents.org last night, but it's gone this morning, so maybe that claim isn't accurate. --Steve Bellovin, http://www.research.att.com/~smb
on a firewall to a server supposedly only running the latest CITRIX on Port 80 (why 80? Don't ask me?) and the high paid out of town consultants swearing they
I've seen a report that the patch is not fully effective -- see http://archives.neohapsis.com/archives/incidents/2001-08/0218.html.
Turns out that because they had not installed IIS, they did not patch the system.... Then when they installed Citrix, it installed IIS. After looking around, it seems a LOT of 'other' software installs IIS when no-one is looking.
Unnamed Administration sources reported that mike harrison said:
Turns out that because they had not installed IIS, they did not patch the system....
Then when they installed Citrix, it installed IIS.
After looking around, it seems a LOT of 'other' software installs IIS when no-one is looking.
Like Front Page ;-? Isn't it nice that M$ is so helpful? -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
participants (3)
-
David Lesher
-
mike harrison
-
Steven M. Bellovin