In my experience software firewalls are not the best for corporate office
use, while I do recommend Zone Alarm from Zone Labs over BlackIce and use it
at home, I do not care for either one bit in an office environment and would
go the hardware route myself. As far as firewalls not protecting, well
from a hosting and web server perspective we have to leave port 80 open
going to IIS, and I believe that is exactly how machines are getting
infected by the infected machines sending maligned requests containing the
worm as their payload that is sent to IIS on port 80 the same way your
browser sends its request to load the data and graphics. IIS attempting to
sort and serve on that page reads and loads what gets sent into memory and
then you're started. If you're not running IIS and serving requests then it's
possible your software firewall will kill it since you don't have that
socket open for access.

Dunno, I could be completely off base here..but it sounds like what is
happening to me..

Anyhow...we got hit on the first wave about a week before the news ran with
the story, and we luckily found out what was going on and were patched up
before it really broke out, and well before II, thanks in large part to the
good people who gave heads up on THIS list.

-Chh2
----- Original Message -----
From: "Archer Koch (Win & Ware)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 2:43 AM
Subject: RE: [imail] Code Red II
> My sincere apologies for contributing to this off-the-topic-of-this-list
> issue... but for what it's worth, my first line of defense all along
> has been my firewall (BlackICE), which immediately started defending
> against these attacks (Code Red & Code Red II) before I even knew about
> the patch (or Code Red, for that matter). There are about a gazillion
> or two attempted attacks recorded in the last week alone (maybe even
> three) -- but none successful! Since I haven't heard anyone discussing
> the obvious firewall defense, I'm just wondering why (apparently) other
> people's firewalls aren't blocking these attacks? You ARE employing a
> firewall, aren't you? (that's somewhat of a rhetorical question)
>
> Archer
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> mustafa
> Sent: Tuesday, August 07, 2001 11:13 PM
> To: [EMAIL PROTECTED]
> Subject: [imail] Code Red II
>
> Guys I had the security patch for code red worm and I survived, but my
> servers are infected with the new worm II while I got the security
> patch, I thought I'm safe cause I've read the article on eeye.com and
> security.com saying that if u got the security patch ur safe from worm
> II which is not true at all
>
> Regards
> Mustafa
>
>
>
>
> ______________________________________________________________________
> The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> To Manage your Subscription......... http://humankindsystems.com/lists
>
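Worm requests of the kind discussed above arrive as ordinary HTTP on port 80, which a port filter in front of a public web server has to pass, so spotting them falls to the server's own logs. The following is an added example, not part of the original thread: the `.ida` target and the `N`/`X` padding are taken from public advisories on Code Red and Code Red II, not from this page, while the log layout, the 32-character threshold and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in a simplified IIS W3C layout (assumed field order):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
# The padding runs are shortened and carry no payload.
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-08-07 23:01:12 192.0.2.10 GET /index.htm - 200",
    "2001-08-07 23:01:15 198.51.100.7 GET /default.ida " + "N" * 40 + " 200",
    "2001-08-07 23:02:40 203.0.113.5 GET /default.ida " + "X" * 40 + " 200",
    "2001-08-07 23:02:41 203.0.113.5 GET /default.ida " + "X" * 40 + " 200",
    "2001-08-07 23:03:02 192.0.2.10 GET /search.ida q=invoices 200",
])

# A long run of one padding character at the start of the query string.
# 32 is a hypothetical threshold chosen for this example.
PAD = re.compile(r"^(N{32,}|X{32,})")
VARIANT = {"N": "Code Red", "X": "Code Red II"}

def classify(line):
    """Return (client_ip, variant) for a worm probe, or None for other lines."""
    if line.startswith("#"):
        return None                      # W3C header/directive line
    fields = line.split()
    if len(fields) < 7:
        return None                      # malformed or truncated entry
    ip, stem, query = fields[2], fields[4], fields[5]
    if not stem.lower().endswith(".ida"):
        return None                      # not aimed at the Indexing Service mapping
    match = PAD.match(query)
    if not match:
        return None                      # ordinary .ida query
    return ip, VARIANT[match.group(1)[0]]

def summarize(log_text):
    """Count probes per (client_ip, variant) across a whole log."""
    hits = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            hits[hit] += 1
    return hits

if __name__ == "__main__":
    for (ip, variant), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {variant:12} {count} request(s)")
```
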