RE: CR II - winME? confirmation?

From: Gregory_DeGennaroat_private
Date: Mon Aug 06 2001 - 09:08:23 PDT


    Oliver,
    
    This is a standard attack pattern from the worm.  Check your system for
    either the ida.dll or the idq.dll.  If you do not have either of these dll
    files then do not worry about it.   Plus, you need to have Internet service
    running on your box.  I have not seen anyone who has been infected by this
    worm using a Windows 9x or ME machine.  I do not have these services running
    and I have received 306 attacks in 22 hours from the worm on my *nix firewall.
    
    Steve Gibson's theory is not as scary as it seems.  *nix has been using raw
    sockets for years.  The real issue here is to never place a Windows machine
    directly on the Internet without maintaining it properly.  I would place
    a good hardened firewall in front of any Microsoft machine before connecting
    to the Internet.
    
    Greg
    
    PS- What does not make sense in the article?
    
    -----Original Message-----
    From: Petruzel, Oliver [mailto:OliverPat_private]
    Sent: Monday, August 06, 2001 8:01 AM
    To: VULN-DEVat_private
    Subject: CR II - winME? confirmation?
    
    
    ok, this makes no sense, and I've only seen it in one place:
    
    http://www.securitynewsportal.com/article.php?sid=1367
    
    I'm just wondering if this is popping up anywhere else.  If it is, then it
    can't be CR2 as we know it, and it opens up a can of worms that is scary.
    Similar even, to Steve Gibson's prediction that a consumer based OS with a
    big hole would do serious damage.
    
    but again, since IIS is CR, then this was either a big fat anonymous lie,
    or something different.  Anyone seen any discussion on this?
    
    -o.p.
    



    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 10:48:26 PDT