
(Fwd) code red in routers? / Re: NOVELL Digest ...

From: Eric D. Pierce <PierceED_at_csus.edu>
Date: Thu, 09 Aug 2001 18:06:18 -0700
Message-ID: <F001.003668DE.20010809172536@fatcity.com>

(fyi: follow up on the security/virus thread)

Date sent:              Thu, 9 Aug 2001 20:06:18 -0400
Send reply to:          Novell LAN Interest Group <NOVELL_at_LSV.SYR.EDU>
To:                     Recipients of NOVELL digests <NOVELL_at_LSV.SYR.EDU>

>
> ------------------------------
>
> Date: Thu, 9 Aug 2001 09:08:52 +0100
> From: Mark Johnston <Mark.Johnston_at_ORANGE.NET>
> Subject: Re: Off-topic: Code Red outbreak in my office
>
> For clarification on the router/switch points, yes, some HTTP-managed devices
> are exposed.
>
> The reason behind this is companies like Cisco chose IIS to embed in their
> devices. These will come from the same source code that we are so glad has
> this buffer overrun vulnerability. However, the devices will not support the
> running of ActiveX controls and such like, so the spreading from these
> devices is not possible.
>
> That said, I questioned what does happen when this IIS buffer overruns on a
> Cisco device. Of course it corrupts memory, which then has the knock-on
> effect of shutting down the switching/routing services of the device.
>
> This was not by design of the Code Red worm (AFAIK), but a side effect I am
> sure they are proud of.
>
> Kevin Parris, would you agree with this?
>
> So far, I have not seen this worm, however, one of our major switches shut
> down late Friday night without much explanation, which leaves me kinda
> worried. The nightmare was that it didn't failover as the other switch still
> believed it was up!!
>
> Mark.
>
>
> ----- Original Message -----
> > It can affect web (http) interfaces on switches, routers and terminal
> > servers. We had to turn off those options on all our switches and terminal
> > servers to keep our systems up. Terminal servers were freezing and the
> > management modules in the switches were going off-line. Not sure why - just
> > know that it worked out that way. Probably just the massive traffic pointed
> > at those interfaces.
>
> > AND
>
> > While only IIS is susceptible to infection, it is not the only thing
> > 'sensitive' to the worm activity. Certain routers have been reported to
> > lockup when probed, requiring a power cycle to resume service; some proxy
> > caching servers have been reported to choke due to the heavy traffic
> > generated when a server "behind" them becomes infected; and there are
> > other side effects.
>
> ------------------------------
>

...

Received on Thu Aug 09 2001 - 20:06:18 CDT