[40552] in North American Network Operators' Group
RE: Code Red 2 cleanup; reporting..
daemon@ATHENA.MIT.EDU (Mark Radabaugh - Amplex)
Sun Aug 12 12:57:28 2001
From: "Mark Radabaugh - Amplex" <mark@amplex.net>
To: <nanog@merit.edu>
Date: Sun, 12 Aug 2001 12:56:56 -0400
Message-ID: <GCEEKJFMELAOEDFALPMNIEGPCFAA.mark@amplex.net>
In-Reply-To: <EA9368A5B1010140ADBF534E4D32C728025B17@condor.mhsc.com>
Errors-To: owner-nanog-outgoing@merit.edu
Interestingly enough it seems Microsoft's patch creates a DOS against
IIS servers that redirect requests:
http://www.incidents.org/diary/diary.php#801
We were seeing IIS crash on a CodeRed patched NT box over the last few
weeks. It turns out to be caused by the combination of CodeRed and
Microsoft's patch. Changing the redirect behavior of the server seems
to have fixed it. Given the way IIS crashes I wouldn't be too surprised
to find out that there is another buffer overrun somewhere in either the
patch or the redirect code.
Mark Radabaugh
Amplex
(419) 833-3635
