
re: code red

From: Eric D. Pierce <PierceED_at_csus.edu>
Date: Wed, 08 Aug 2001 10:59:55 -0700
Message-ID: <F001.00364BC6.20010808110423@fatcity.com>

Kevin,

don't you loooooooooooooove Uncle Bill's Fine Software?

http://www.google.com/search?hl=en&safe=off&q=code+red

( http://www.securityfocus.com/headlines/12142 ,
  http://www.digitalisland.net/codered ,
  http://www.digitalisland.net/codered/CodeRed.pdf ,
  http://www.sans.org/newlook/home.htm ,
  http://www.incidents.org )

If you are on NT/Win2k server, join the WIN-NT list, and look through the recent web archives (see appended message).

   http://peach.ease.lsoft.com/archives/winnt-l.html

You should be able to subscribe to Microsoft security alerts so that you know what patches to apply before this kind of sh*t happens?

Also, look at http://www.eEye.com/html

They are the guys that discovered and published the original vulnerability that Code Red exploits.

regards,
ep


> From: "Kevin Kostyszyn" <kevin_at_dulcian.com>
> Date: Tue, 7 Aug 2001 10:54:35 -0400
> Subject: Code Red

[via oracle-l digest]

> So does anyone know how to get rid of the virus if you got it?


---begin appended---

Date: Wed, 8 Aug 2001 18:57:15 +0200
Sender: Windows NT/2000 Discussion List <WINNT-L_at_PEACH.EASE.LSOFT.COM>

> I do not know how many of you read security bulletins but .ida and
> .idq vulnerabilities are not new to windows 2000 or IIS. My servers
> have been patched against .ida and .idq vulnerabilities for over a
> year and a half and it boggles me that there are hundreds and
> thousands (178,000 reported infected by CNN) of servers out there
> who have not done a simple thing such as remove the .idq and .ida
> mappings from their webs or who were too lazy to apply a patch that
> takes 5 minutes out of their day.
>
> This is listed in the IIS security checklist and has been so for a
> long time (approx 16 months +)
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools/iis5chk.asp
>
> (url may be wrapped)
>
> Quite honestly the Indexing Service on Windows 2000 is pretty
> useless and puts an enormous amount of overhead onto servers
> running websites. So .... best fix is to "uninstall" the indexing
> service then you are truly patched and never have to worry when you
> hear the word "Code Red". There are also a lot of other extension
> mappings in IIS that are there by default and should also be
> removed if you are not using them, like .shtml .stm .shtm .idc
> .printer .htr .htw and don't forget .ida and .idq
>
> If you truly need the index server extensions in your web then so
> be it. But make sure that you are patched and that you periodically
> check that all your patches are installed and working ..... a full
> time job .. yes, but hey ... you wanna run web servers you gotta
> work hard to keep intruders out !! This means you have to install
> "all" microsoft patches relevant to your server. It is also
> suggested to install these within hours of their release .... don't
> wait to do it later cause you'll just forget to do it at all and
> eventually get nailed.
>
> Just my 10 cents worth :-) ..... Use it .. don't use it ... your choice.
>
> Regards
> Mitch

---end---

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Eric D. Pierce
  INET: PierceED_at_csus.edu

Received on Wed Aug 08 2001 - 12:59:55 CDT
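
The appended message advises removing the default extension mappings (.ida, .idq and the others it lists) "if you are not using them". The following is an added example, not part of the original messages or of any vendor tooling: it tallies requests for those extensions in a web server log so an administrator can see which mappings the site never serves successfully. It assumes W3C extended log format with a `#Fields:` header; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
from collections import Counter

# Extensions the appended message lists as default mappings to remove when unused.
RISKY_EXTENSIONS = {".shtml", ".stm", ".shtm", ".idc", ".printer",
                    ".htr", ".htw", ".ida", ".idq"}

# Constructed sample log (assumed W3C extended format); IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-07 10:01:02 192.0.2.10 GET /index.html - 200
2001-08-07 10:01:05 198.51.100.7 GET /default.ida - 404
2001-08-07 10:02:11 198.51.100.9 GET /Default.IDA - 404
2001-08-07 10:03:40 192.0.2.10 GET /news/today.shtml - 200
2001-08-07 10:04:00 203.0.113.5 GET /null.printer - 500
2001-08-07 10:04:30 203.0.113.5 GET /search.idq - 404
2001-08-07 10:05:00 192.0.2.11 GET /images/logo.gif - 200
"""

def risky_requests(log_text):
    """Return {extension: Counter({status: hits})} for requests to risky extensions."""
    fields, hits = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue                           # skip blanks, directives, headerless rows
        row = dict(zip(fields, line.split()))
        ext = posixpath.splitext(row.get("cs-uri-stem", ""))[1].lower()
        if ext in RISKY_EXTENSIONS:
            hits.setdefault(ext, Counter())[row.get("sc-status", "?")] += 1
    return hits

def unused_mappings(log_text):
    """Risky extensions with no 2xx response in the log: candidates for removal."""
    # A 2xx only shows the handler answered; confirm it is real site content
    # before deciding to keep that mapping.
    used = {ext for ext, statuses in risky_requests(log_text).items()
            if any(code.startswith("2") for code in statuses)}
    return sorted(RISKY_EXTENSIONS - used)

if __name__ == "__main__":
    for ext, statuses in sorted(risky_requests(SAMPLE_LOG).items()):
        print(ext, dict(statuses))
    print("no successful use seen:", ", ".join(unused_mappings(SAMPLE_LOG)))
```

Run it over a log window long enough to cover normal site usage; an extension that is requested only with 4xx/5xx responses is being probed, not used.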
