nanog mailing list archives
Re: Code Red 2 cleanup; reporting..
From: Rafi Sadowsky <rafi-nanog () meron openu ac il>
Date: Tue, 14 Aug 2001 15:41:27 +0300 (IDT)
AFAIK ( Not that I'm a W2K expert ) W2K pro comes with IIS installed but but with the service disabled Unfortunately it seems that some SW installs enable IIS and/or the restore/recreate the .idq/.ida mappings without asking(or even notifying) (which is why removing those mappings isn't a replacement for the patch :-( ) - Rafi On Fri, 10 Aug 2001, Steven M. Bellovin wrote:
In message <EA9368A5B1010140ADBF534E4D32C728025B06 () condor mhsc com>, Roeland Me yer writes:So -- if he wasn't running IIS, what was he running?Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate much of the IIS stuff into DLLs with other system critical stuff. As a result, IIS can't be completely removed without killing off other critical functions. Yes, what they proved in court is even more true with Win2K than with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth either). WinXP is even more in that direction, from all reports.I think you're confusing IIS with Internet Explorer. And Microsoft denies that it's installed by default on Win2K Professional -- see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp XP Beta 2 does have IIS by default; XP RC1 and RC2 do not. I can't be sure they're telling the whole truth; I can tell you that the two Win2K boxes I sometimes use are not listening to anything on port 80.BTW, is any motion happening, in the direction of finding the author(s)? I'd like to personally thank them, with a new neck-tie. The other end is attached to a huge California oak tree.Not that I've heard. --Steve Bellovin, http://www.research.att.com/~smb
Current thread:
- RE: Code Red 2 cleanup; reporting.., (continued)
- RE: Code Red 2 cleanup; reporting.. Roeland Meyer (Aug 10)
- Re: Code Red 2 cleanup; reporting.. Mike Lewinski (Aug 10)
- RE: Code Red 2 cleanup; reporting.. up (Aug 10)
- RE: Code Red 2 cleanup; reporting.. Roeland Meyer (Aug 10)
- RE: Code Red 2 cleanup; reporting.. up (Aug 10)
- RE: Code Red 2 cleanup; reporting.. Tim Devries (Aug 10)
- RE: Code Red 2 cleanup; reporting.. Roeland Meyer (Aug 10)
- Re: Code Red 2 cleanup; reporting.. Eric A. Hall (Aug 10)
- Re: Code Red 2 cleanup; reporting.. Jon Allen Boone (Aug 11)
- Re: Code Red 2 cleanup; reporting.. Eric A. Hall (Aug 10)
- Re: Code Red 2 cleanup; reporting.. Steven M. Bellovin (Aug 10)
- Re: Code Red 2 cleanup; reporting.. Rafi Sadowsky (Aug 14)
- RE: Code Red 2 cleanup; reporting.. Roeland Meyer (Aug 12)
- RE: Code Red 2 cleanup; reporting.. Mark Radabaugh - Amplex (Aug 12)
- RE: Code Red 2 cleanup; reporting.. Roeland Meyer (Aug 10)