Re[2]: Microsoft IIS
All Right: DBA: 1 Damanagement: 0 Reply Separator Author: "Luis DeUrioste" <[EMAIL PROTECTED]> Date: 7/24/2001 11:55 AM Thanks that was me, since then they decided that Apache was just fine. Tavo [EMAIL PROTECTED] wrote: > Someone, I don't remember who, posted a question a week of so ago about > connecting to Oracle IAS via IIS instead of the provided Apache server because > there damagement was afraid about being hacked. Well, pass the following along > to damagement & ask them again what they want to do: > > ** Internet Goes Red > > The "Code Red" worm ripped through Internet servers like no other > previously unleashed piece of malicious code. "We are witnessing > Internet history," says Chris Rouland, director of Internet > Security Systems X-Force, which tracks Internet vulnerabilities. > Based on reports, Code Red has infected over 225,000 servers. > > The worm enters the targeted server through port 80. If the host > is running Microsoft IIS, the worm executes a malformed HTTP > "get" request to try to run a buffer overflow against the > Microsoft IIS Indexing Service dynamic-link library. Once the > worm successfully exploits the target, it starts searching for > new servers to infect, and the compromised Web site is defaced. > > Code Red's ultimate target was Whithouse.gov. The worm was set to > attack the White House Web site July 20 by unleashing a torrent > of traffic at the site. According to Rouland, the White House > managed to avoid the attack by switching the site's IP address. > He says the author of Code Red made a critical design flaw by > hard-coding the White House's IP address. "That won't happen next > time," he warns. > > When the ILoveYou virus struck last year, many copycats struck in > the following weeks. "I wouldn't be surprised to see many, many > copy cats of this worm," he says. In fact, reports started > surfacing Friday afternoon on security mailing list Bugtraq that > several versions may already be loose. > > An explanation of, and patch for, the IIS buffer overflow > vulnerability is available at > http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20QKW0AK > > Has this one bit you? Tell other IT folks what you're doing to > combat the problem in the Listening Post > http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20Nmm0AD > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). Luis_deUrioste.vcf
Re: Microsoft IIS
Thanks that was me, since then they decided that Apache was just fine. Tavo [EMAIL PROTECTED] wrote: > Someone, I don't remember who, posted a question a week of so ago about > connecting to Oracle IAS via IIS instead of the provided Apache server because > there damagement was afraid about being hacked. Well, pass the following along > to damagement & ask them again what they want to do: > > ** Internet Goes Red > > The "Code Red" worm ripped through Internet servers like no other > previously unleashed piece of malicious code. "We are witnessing > Internet history," says Chris Rouland, director of Internet > Security Systems X-Force, which tracks Internet vulnerabilities. > Based on reports, Code Red has infected over 225,000 servers. > > The worm enters the targeted server through port 80. If the host > is running Microsoft IIS, the worm executes a malformed HTTP > "get" request to try to run a buffer overflow against the > Microsoft IIS Indexing Service dynamic-link library. Once the > worm successfully exploits the target, it starts searching for > new servers to infect, and the compromised Web site is defaced. > > Code Red's ultimate target was Whithouse.gov. The worm was set to > attack the White House Web site July 20 by unleashing a torrent > of traffic at the site. According to Rouland, the White House > managed to avoid the attack by switching the site's IP address. > He says the author of Code Red made a critical design flaw by > hard-coding the White House's IP address. "That won't happen next > time," he warns. > > When the ILoveYou virus struck last year, many copycats struck in > the following weeks. "I wouldn't be surprised to see many, many > copy cats of this worm," he says. In fact, reports started > surfacing Friday afternoon on security mailing list Bugtraq that > several versions may already be loose. > > An explanation of, and patch for, the IIS buffer overflow > vulnerability is available at > http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20QKW0AK > > Has this one bit you? Tell other IT folks what you're doing to > combat the problem in the Listening Post > http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20Nmm0AD > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). begin:vcard n:de Urioste;Luis Octavio tel;fax:850.455.0673 tel;work:850.457.3218 x-mozilla-html:FALSE org:Raytheon Aerospace;IT version:2.1 email;internet:[EMAIL PROTECTED] title:Systems Analyst adr;quoted-printable:;;250 San Carlos Road=0D=0ABuilding 1853 - UNFO;Pensacola;Florida;32534;U.S.A. fn:Luis Octavio de Urioste end:vcard
Microsoft IIS
Someone, I don't remember who, posted a question a week of so ago about connecting to Oracle IAS via IIS instead of the provided Apache server because there damagement was afraid about being hacked. Well, pass the following along to damagement & ask them again what they want to do: ** Internet Goes Red The "Code Red" worm ripped through Internet servers like no other previously unleashed piece of malicious code. "We are witnessing Internet history," says Chris Rouland, director of Internet Security Systems X-Force, which tracks Internet vulnerabilities. Based on reports, Code Red has infected over 225,000 servers. The worm enters the targeted server through port 80. If the host is running Microsoft IIS, the worm executes a malformed HTTP "get" request to try to run a buffer overflow against the Microsoft IIS Indexing Service dynamic-link library. Once the worm successfully exploits the target, it starts searching for new servers to infect, and the compromised Web site is defaced. Code Red's ultimate target was Whithouse.gov. The worm was set to attack the White House Web site July 20 by unleashing a torrent of traffic at the site. According to Rouland, the White House managed to avoid the attack by switching the site's IP address. He says the author of Code Red made a critical design flaw by hard-coding the White House's IP address. "That won't happen next time," he warns. When the ILoveYou virus struck last year, many copycats struck in the following weeks. "I wouldn't be surprised to see many, many copy cats of this worm," he says. In fact, reports started surfacing Friday afternoon on security mailing list Bugtraq that several versions may already be loose. An explanation of, and patch for, the IIS buffer overflow vulnerability is available at http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20QKW0AK Has this one bit you? Tell other IT folks what you're doing to combat the problem in the Listening Post http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20Nmm0AD -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Microsoft IIS
We were hit by it .. its a pain. -Original Message- Sent: Monday, July 23, 2001 11:47 AM To: Multiple recipients of list ORACLE-L Someone, I don't remember who, posted a question a week of so ago about connecting to Oracle IAS via IIS instead of the provided Apache server because there damagement was afraid about being hacked. Well, pass the following along to damagement & ask them again what they want to do: ** Internet Goes Red The "Code Red" worm ripped through Internet servers like no other previously unleashed piece of malicious code. "We are witnessing Internet history," says Chris Rouland, director of Internet Security Systems X-Force, which tracks Internet vulnerabilities. Based on reports, Code Red has infected over 225,000 servers. The worm enters the targeted server through port 80. If the host is running Microsoft IIS, the worm executes a malformed HTTP "get" request to try to run a buffer overflow against the Microsoft IIS Indexing Service dynamic-link library. Once the worm successfully exploits the target, it starts searching for new servers to infect, and the compromised Web site is defaced. Code Red's ultimate target was Whithouse.gov. The worm was set to attack the White House Web site July 20 by unleashing a torrent of traffic at the site. According to Rouland, the White House managed to avoid the attack by switching the site's IP address. He says the author of Code Red made a critical design flaw by hard-coding the White House's IP address. "That won't happen next time," he warns. When the ILoveYou virus struck last year, many copycats struck in the following weeks. "I wouldn't be surprised to see many, many copy cats of this worm," he says. In fact, reports started surfacing Friday afternoon on security mailing list Bugtraq that several versions may already be loose. An explanation of, and patch for, the IIS buffer overflow vulnerability is available at http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20QKW0AK Has this one bit you? Tell other IT folks what you're doing to combat the problem in the Listening Post http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BdFGA0V20Nmm0AD -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Kevin Lange INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).