[40516] in North American Network Operators' Group
Re: Code Red 2 cleanup; reporting..
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Aug 10 20:50:51 2001
From: "Steven M. Bellovin" <smb@research.att.com>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: Nanog <nanog@merit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 10 Aug 2001 20:50:19 -0400
Message-Id: <20010811005019.D12787B4B@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <EA9368A5B1010140ADBF534E4D32C728025B06@condor.mhsc.com>, Roeland Me
yer writes:
>
>> So -- if he wasn't running IIS, what was he running?
>
>Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro
>or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate
>much of the IIS stuff into DLLs with other system critical stuff. As a
>result, IIS can't be completely removed without killing off other critical
>functions. Yes, what they proved in court is even more true with Win2K than
>with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth
>either). WinXP is even more in that direction, from all reports.
I think you're confusing IIS with Internet Explorer. And Microsoft
denies that it's installed by default on Win2K Professional -- see
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
XP Beta 2 does have IIS by default; XP RC1 and RC2 do not.
I can't be sure they're telling the whole truth; I can tell you that
the two Win2K boxes I sometimes use are not listening to anything on
port 80.
>
>BTW, is any motion happening, in the direction of finding the author(s)? I'd
>like to personally thank them, with a new neck-tie. The other end is
>attached to a huge California oak tree.
>
Not that I've heard.
--Steve Bellovin, http://www.research.att.com/~smb
