As soon as CERT released info on the IIS exploit, before Code Red, we yanked all our IIS servers down. We are moving those vhosts back to OpenLinux-Apache/FrontPage.

-----Original Message----- From: George William Herbert [mailto:gherbert@retro.com] Sent: Monday, July 23, 2001 2:04 PM To: nanog@merit.edu Cc: gherbert@gw.retro.com Subject: *.mil:80 disconnected in self-defense?

I have a report that .mil disconnected port 80 traffic from outside hosts, and possibly some other stuff, in response to DOS attacks last week.

There was some discussion on the inetproviders list this morning on the topic, and then I asked someone inside who confirmed the cutoff and said there's a DISA alert and operational bulletin about it.

It seems to be Just One of Those Months.

-george william herbert gherbert@retro.com