[40538] in North American Network Operators' Group
Re: Code Red 2 cleanup; reporting..
daemon@ATHENA.MIT.EDU (mike harrison)
Sat Aug 11 16:30:01 2001
Date: Sat, 11 Aug 2001 16:29:19 -0400 (EDT)
From: mike harrison <meuon@highertech.net>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: Etaoin Shrdlu <shrdlu@deaddrop.org>, Nanog <nanog@merit.edu>,
"nbuck@chatt.net" <nbuck@chatt.net>
In-Reply-To: <20010810072949.B64DD7B4B@berkshire.research.att.com>
Message-ID: <Pine.LNX.4.10.10108111627470.16745-100000@home.highertech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> >on a firewall to a server supposedly only running
> >the latest CITRIX on Port 80 (why 80? Don't ask me?)
> >and the high paid out of town consultants swearing they
> I've seen a report that the patch is not fully effective -- see
> http://archives.neohapsis.com/archives/incidents/2001-08/0218.html.
Turns out that because they had not installed IIS, they did not patch the
system....
Then when they installed Citrix, it installed IIS.
After looking around, it seems a LOT of 'other' software
installs IIS when no-one is looking.
