RE: Code Red 2 cleanup; reporting..
From: Steven M. Bellovin [mailto:smb@research.att.com] Sent: Friday, August 10, 2001 12:32 AM
In message <3B7360B4.71755CA7@deaddrop.org>, Etaoin Shrdlu writes:
Spent nearly two days convincing someone who was managing a server that he
thing that sucks is that he KNEW he couldn't be a problem, since he wasn't running IIS. I had the packet captures and obvious grabs for
So -- if he wasn't running IIS, what was he running?
Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate much of the IIS stuff into DLLs with other system critical stuff. As a result, IIS can't be completely removed without killing off other critical functions. Yes, what they proved in court is even more true with Win2K than with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth either). WinXP is even more in that direction, from all reports. BTW, is any motion happening, in the direction of finding the author(s)? I'd like to personally thank them, with a new neck-tie. The other end is attached to a huge California oak tree.
BTW, is any motion happening, in the direction of finding the author(s)? I'd like to personally thank them, with a new neck-tie. The other end is attached to a huge California oak tree.
http://www.wired.com/news/technology/0,1282,45956,00.html Mike
On Fri, 10 Aug 2001, Roeland Meyer wrote:
Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate much of the IIS stuff into DLLs with other system critical stuff. As a result, IIS can't be completely removed without killing off other critical functions. Yes, what they proved in court is even more true with Win2K than with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth either). WinXP is even more in that direction, from all reports.
I admit to knowing very little about Win2k, but on the only box I've installed Win2k on, it doesn't *appear* to be running: Port State Protocol Service 135 open tcp loc-srv 139 filtered tcp netbios-ssn 445 open tcp microsoft-ds 1025 open tcp list ...unless it runs on one of those 3 other open ports? This was Win2k Client, not server, BTW...perhaps you mean every Win2k Server? James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am =========================================================================
participants (3)
-
Mike Lewinski
-
Roeland Meyer
-
up@3.am