Hi All, Thanks for the responses - I was overlooking something obvious :-p This raises another question, however: since ALL IIS5 and IIS4 servers are vulnerable, including those being used to run ‘personal’ sites from peoples homes, why hasn’t more emphasis been placed on telling those people to patch their systems? I just came across a situation today where one of my clients asked me to have a look at his home system since it was behaving rather strangely. Found out he was running W2K Pro w/ IIS installed (had a site running w/ pics of his family), and when I asked him if he’d patched it for the original CR he just gave a blank look – followed by “I though that was only for servers.” …I just about put my head through the wall. All my F/W’s have been logging over a 1000 HTTP events/day for the last few days, and I was going batty trying to figure out why it was so much worse this time round compared to the first CR. Well, if even half of the people out there running personal web sites from their home systems are under the same misguided impression this chap was under, then what I’m probably seeing in my logs isn’t just traffic from the new CR, but also from every home system that was infected by the CRv1,CRv2, CRv3….and however many more there might be. I’ve since informed all my clients (rather forcefully, if undiplomatically) that if their running IIS at home to take their systems off-line and format and re-install (since the new CR opens a backdoor to the system) and patch their systems before they put them back on-line. Are the people I’m dealing with particularly obtuse, or is this the prevailing attitude out there? And if so, then why aren’t the advisories (all flavours) being more emphatic at targeting the average home user, whose concept of what makes a server is rather “vague”? Regards, Amer Karim Nautilis Information Systems e-mail: amerkat_private, mamerkat_private
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 17:46:30 PDT