|
-
August 7th, 2001, 05:07 PM
#16
I use charterpa cable service. Below is part of the reply I recieved when questioning the probes to port 80 going from an avgerage of 4 per day to over 150 a day (not counting probes to other ports).
Thanks for your concern.
Our servers are not vulnerable to the Code Red worm since we do not use NT.
Unfortunately, people probing ports is simply part of being on the Internet. If we were to block the ports you listed, our customers would not be able to surf the web and perform DNS lookups (which your computer does without notifying the user).
I hope this helps to clear things up.
XXXXXXX
Senior Systems Administrator - Charter Business Networks
Yes Senior... clear as mud...
------------------
Si Hoc Legere Scis Nimium Eruditionis Habes.
(translation: If you can read this you're
overeducated)
Si Hoc Legere Scis Nimium Eruditionis Habes.
(translation: If you can read this you're
overeducated)
-
August 7th, 2001, 05:11 PM
#17
Try here: http://www.webopedia.com/TERM/I/IIS.html
Originally posted by JoeHenry:
Zipulrich, what is IIS? I have @home but in the dark about IIS. I had over 300 hits over a 3 day period. I sent the list to @home but don't know if that was the right thing to do or not. Thanks for the info. Joe
I just found and reviewed Johnny Canucks post and answers for IIS. Sorry to bother again. Thanks, Joe
I finally got my head together, now my body is falling apart.
-
August 7th, 2001, 05:14 PM
#18
Here is what Road Runner sent us in the Ohio area last night. (8/6)
ROAD RUNNER ALERT
VIRUS ALERT. YOUR IMMEDIATE ACTION IS REQUIRED.
Dear Road Runner Subscriber:
Road Runner, like many other ISPs and indeed the entire Internet, has
today experienced an attack on its network which is apparently
attributeable to the Code Red virus. It is possible that this virus has
infected the PC's of Road Runner's subscribers using the Microsoft
Windows NT or Microsoft Windows 2000 operating systems. Infected PC's
may continue to flood the Internet and Road Runner's network with virus
generated messages (even without your being aware of it).
Road Runner is working to alert all of its subscribers to this problem
and to instruct them on where to find and install the patch necessary to
eliminate the virus. In the meantime, Road Runner subscribers may
experience slow network response, flashing connectivity lights on the
cable modem, and other symptoms (such as unusual port scan log activity
or increased firewall activity) while Road Runner and the Internet
community work to control the impact of this virus.
IF YOUR PC IS RUNNING WINDOWS 2000 OR WINDOWS NT, PLEASE IMMEDIATELY
DOWNLOAD THE CODE RED PATCH FROM MICROSOFT'S WEBSITE
(www.microsoft.com/security) AND RESTART YOUR PC.
IF YOUR PC IS RUNNING WINDOWS 98, WINDOWS 95, OR WINDOWS ME, OR IF YOUR
ARE A MACINTOSH USER, NO ACTION IS REQUIRED ON YOUR PART.
We ask for your patience while Road Runner continues to work with the
Internet community to address this virus.
Thank you.
Road Runner Security
[This message has been edited by Ed S (edited 08-07-2001).]
HP Pavilion XH485 notebook, 1.0GHz AMD Athlon™ 4, 256MB RAM, 30 GB hard drive
HP Pavilion 7955 PC, 1.5GHz Intel® Pentium® 4, 256MB RAM, 40GB hard drive
-
August 7th, 2001, 06:14 PM
#19
Well, we seem to be back up to speed out here. Would have been nice if they would take the time to notify people as Ed S posted. Too lazy?
------------------
SMILE
and post back
[ Book mark this post to find it again]
-
August 7th, 2001, 07:52 PM
#20
(IIS is Microsoft's Internet Information Server - works with NT and Win2K)
Well, I just mailed them my log of this afternoon - 247 probes. Looking through them, most are from users, not @Home's own servers.
On the phone with them last night, they seemed real eager to rid their customers of CodeRed. It was their suggestion to e-mail them the firewall logs.
Perhaps the task seems too overwhelming today...........
-
August 7th, 2001, 07:55 PM
#21
Just received this:
Dear Zip Ulrich,
It appears that you are reporting receiving traffic that is related to
the Code Red virus.
If you are receiving 'get' command strings from an @Home user or users,
directed at port 80, it is likely that that originating machine has been
compromised by the Code Red virus. One of the effects it has is to
cause infected machines to search for other machines that would be
exploitable. Machines that are running unpatched versions of Windows NT
Server or 2000, with a Web Server and IIS (Microsoft Index Server 2.0 or
Indexing Service in Windows 2000) are vulnerable to this exploit. If
you are NOT running this OS and services, your computer is not subject
to this particular compromise. For more information on this situation,
point your browser here:
http://www.microsoft.com/technet/sec...n/MS01-033.asp http://news.excite.com/news/ap/010805/20/code-red http://news.cnet.com/news/0-1003-201-6625599-0.html
If you have are running this Operating System, Microsoft suggests that
you obtain and run the patch as soon as possible:
For Windows NT: http://www.microsoft.com/Downloads/R...eleaseID=30833
For Windows 2000: http://www.microsoft.com/Downloads/R...eleaseID=30800
The @Home Network is currently working on proactive measures to respond
to this situation. You should see this activity cease from @Home
subscribers in the near future. Thank you for your report.
The @Home Network Policy Management Team
Well, whatever..............
[This message has been edited by zipulrich (edited 08-07-2001).]
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
