[39726] in North American Network Operators' Group
Re: Code Red on dial-in ppp
daemon@ATHENA.MIT.EDU (Mitch Halmu)
Sat Jul 21 12:41:03 2001
Date: Sat, 21 Jul 2001 12:36:49 -0400 (EDT)
From: Mitch Halmu <mitch@netside.net>
To: "Jason A. Mills" <phyxis@rottweiler.org>
Cc: nanog@merit.edu
In-Reply-To: <Pine.BSF.4.21.0107210926250.22854-100000@shell3.ba.best.com>
Message-ID: <Pine.SOL.3.91.1010721122859.2647u-100000@sunny.netside.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 21 Jul 2001, Jason A. Mills wrote:
> I'm not sure I see why a POTS PPP link, or some other slow(er) on demand
> link might stop CodeRed. The first-pass payload is under 4096 bytes
> including framing, not exactly something you need a lot of low-latency
> bandwidth to push through. :-/
>
> -J
The problem I described is that the Windows machines in question are not
necessarily dedicated web servers, but can be regular dial-in users.
Normally, such users don't run a web server over dial-up, yet they seem
to be vulnerable if the attack occurs while they're connected. No relation
to the connection bandwidth was implied.
--Mitch
NetSide
