[LINK] More IIS Horror Stories
Damien Miller
djm@mindrot.org
Mon, 5 Nov 2001 11:41:40 +1100 (EST)

On Sun, 4 Nov 2001, Malcolm Miles wrote:
> On Sun, 4 Nov 2001 17:55:21 +1100, you wrote:
>
> >To see for ourselves how long a default installation of IIS would last in
> >the wild, eWeek Labs connected a fresh install of Windows 2000 Server to
> >the outside Internet.
> >
> >....in the last 10 minutes of the download, we
> >were infected with Nimda twice - once from two different servers and several
> >times by our own server reinfecting itself.
> >
>
> So they connected an operating system with a known vulnerability to
> the Internet where packets exploiting the vulnerability are running
> rampant and the server got infected. Well surprise, surprise. Exactly
> what was this outstanding bit of research meant to tell us?

That W2k won't even last long enough to download the patches you need
to make it secure.

-d
--
| By convention there is color, \\ Damien Miller <djm@mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)