North American Network Operators Group

RE: Code Red 2 cleanup; reporting..
[HTML formatting removed]

I should have been more clear [comments about nit-picky bit-heads, removed].

Win2K Active Directory clients run some parts of IIS, in order to support Active Directory. Even if you never installed IIS explicitly. Especially, there is some serious LDAP/IIS integration here. Note the option to share a directory on the web, how do you think that happens? Also note that users very often don't understand the difference between SMB file sharing and Web Sharing, and Win2K goes to great lengths to obfuscate those two anyway.

Win2K is a major re-write of the Domain Controller and its clients. Expect large bugs, roaches the size of small dogs. MSFT [lack of] design QA is well known. If you've never built large software systems, you'd not know that you can integration-test the hell out of one [large software system] and still never catch design flaws because it all meets specification. It is the specifications that are wrong. The exploit that CodeRed uses is a classic example. The only thing that works there is remorseless/ruthless high-level architectural peer review. MSFT doesn't do those. They replace that process with a bazillion integration testers.

-----Original Message-----
From: Tim Devries [mailto:[email protected]]
Sent: Friday, August 10, 2001 8:23 AM
To: 'Roeland Meyer'; '[email protected]'; [email protected]
Subject: RE: Code Red 2 cleanup; reporting..

-----Original Message-----
From: Roeland Meyer [mailto:[email protected]]
Sent: Friday, August 10, 2001 11:22 AM
To: '[email protected]'; [email protected]
Subject: RE: Code Red 2 cleanup; reporting..

> From: [email protected] [mailto:[email protected]]
> Sent: Friday, August 10, 2001 8:09 AM
>
> On Fri, 10 Aug 2001, Roeland Meyer wrote:
>
> > Win2K boxen are ALWAYS running IIS. It doesn't matter whether you have Pro
> > or Server. ALL Win2K systems need to run the patch. MSFT chose to integrate
> > much of the IIS stuff into DLLs with other system critical stuff. As a
> > result, IIS can't be completely removed without killing off other critical
> > functions. Yes, what they proved in court is even more true with Win2K than
> > with Win98 (Duh! MSFT didn't lie, but they didn't tell the whole truth
> > either). WinXP is even more in that direction, from all reports.
>
> I admit to knowing very little about Win2k, but on the only box I've
> installed Win2k on, it doesn't *appear* to be running:
>
> Port    State     Protocol  Service
> 135     open      tcp       loc-srv
> 139     filtered  tcp       netbios-ssn
> 445     open      tcp       microsoft-ds
> 1025    open      tcp       list
>
> ...unless it runs on one of those 3 other open ports? This was Win2k
> Client, not server, BTW...perhaps you mean every Win2k Server?

Win2k professional can run IIS. Go to add remove programs --> add/remove windows components --> IIS. You probably did not select the component on the install. So I guess that means that not every w2k box is vulnerable.

Tim