
Code Red II

 
Old 06 August 2001, 07:42 PM
  #1  
SL2
Scooby Regular
Thread Starter
 
Join Date: May 2000
Posts: 319

This is a new worm that uses the exploit that Code Red uses, so make sure your servers are patched. I'm getting a lot more of these attempts on my servers at work than the Code Red worm. Started seeing this one on Saturday.
Old 06 August 2001, 07:58 PM
  #2  
ChrisB
Moderator
 
Join Date: Dec 1998
Location: Staffs
Posts: 23,573

I'm all patched up at work.

A very useful free tool to check your servers over with to ensure you aren't vulnerable.
Old 06 August 2001, 08:30 PM
  #3  
Puff The Magic Wagon!
Moderator
 
Join Date: May 2000
Location: From far, far away...
Posts: 16,978

Anyone else had a buggered W2K SQL 7.0 server??? It had W2K SP2 & 7.0 SP3 & after applying the W2k anti-code red patch, on re-boot knackered SQL database Shafted dll...

May be a coincidence but this is Microsoft we're talking about

Anyhow, it's all back together & IIS is no longer avail on that server (previous default install ) - just tedious
Old 06 August 2001, 08:43 PM
  #4  
WillieF
Scooby Regular
 
Join Date: Oct 1999
Posts: 778

Personally Puff I wouldn't mix W2K and SQL 7 bit of a 'orrible Microsoft mix IMO.

Am I right in saying that you are a beta site for the latest DA systems masterpiece? If so and you have the time I would appreciate a wee chat offline if you don't mind...

[This message has been edited by WillieF (edited 06 August 2001).]
Old 06 August 2001, 10:37 PM
  #5  
kryten
Scooby Regular
 
Join Date: May 2000
Posts: 869

Puff, what is it about you and computers?!
I've got Win2k, SQL 2000, Oracle plus lots of other stuff and the patches applied fine!

For anyone who's responsible for a server, I'd suggest getting the MS HOTFIX checker (don't think that windows update gets you ALL the fixes: it doesn't!) as well as subscribing to at least the MS security mailing list.

I've had 40 code red attempts per day on one of my machines (increasing each day since the first) and despite knowing I'd patched it, still panicked when I realised I'd not removed the .ida mappings from one website!
Old 06 August 2001, 10:57 PM
  #6  
ChrisB
Moderator
 
Join Date: Dec 1998
Location: Staffs
Posts: 23,573

One of our web servers runs Win 2000 AS and SQL 2000 and no problems with the patch.

Not tried SQL 7 + W2000 with the patch though.

quote: I'd suggest getting the MS HOTFIX checker (don't think that windows update gets you ALL the fixes: it doesn't!)

We've modified it to send e-mail alerts when missing hotfixes are found. I'll trade a copy for a beer or two.

ChrisB.

[This message has been edited by ChrisB (edited 06 August 2001).]
Old 06 August 2001, 11:51 PM
  #7  
Puff The Magic Wagon!
Moderator
 
Join Date: May 2000
Location: From far, far away...
Posts: 16,978

Willie

Yup - no worries m8

Anytime (well work hrs )

020 7702 9900
07976 327 679

Heard that you'd surprised Sandra!!

Old 07 August 2001, 06:22 PM
  #8  
boomer
Scooby Senior
 
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763

Does anyone know what the real impact of the latest Code Red II is having on the Internet?

I am getting loads of HTTP access attempts (stealth blocked by my firewall), typically from 212.*.*.* addresses. The first batch (they are typically in threes) came two minutes into me connecting via dial-up.

Bloody kids!!

mb
Old 07 August 2001, 06:38 PM
  #9  
SL2
Scooby Regular
Thread Starter
 
Join Date: May 2000
Posts: 319

It is spreading very quickly. You will mostly see the attacks from computers on the same ISP's network.

check this website
Old 07 August 2001, 09:54 PM
  #10  
mega_stream
Scooby Regular
 
Join Date: May 2001
Location: Scotland
Posts: 4,580

Anyone know what requests would hit the firewall if an attack was taking place from the outside on a web server in the DMZ?
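
Added example, not part of any post in this thread: a log check for the probes discussed above (the `.ida` requests kryten counts per day, and the requests asked about here). Code Red pads the `.ida` query string with a long run of `N`, Code Red II with `X`; the log field order, the 16-character threshold and the sample lines below are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges). Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = f"""\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-04 09:12:01 192.0.2.10 GET /default.ida {'N' * 32} 404
2001-08-04 09:40:17 198.51.100.7 GET /default.ida {'X' * 32} 404
2001-08-05 02:03:44 198.51.100.7 GET /default.ida {'X' * 32} 404
2001-08-05 02:03:45 198.51.100.9 GET /DEFAULT.IDA {'X' * 32} 200
2001-08-05 11:30:00 203.0.113.5 GET /index.htm - 200
2001-08-05 11:31:00 203.0.113.5 GET /search.ida q=cars 200
"""

# A query that starts with a long run of one padding character.
# The minimum run length (16) is an assumed threshold, not a worm constant.
PADDING = re.compile(r"^(N{16,}|X{16,})")


def classify(stem, query):
    """Label a request: 'code-red', 'code-red-ii', 'ida-other', or None."""
    if not stem.lower().endswith(".ida"):
        return None  # not handled by the .ida script mapping
    match = PADDING.match(query)
    if not match:
        return "ida-other"  # .ida request without worm-style padding
    return "code-red" if match.group(1)[0] == "N" else "code-red-ii"


def summarise(log_text):
    """Count probes per (date, label) and collect source IPs per label."""
    per_day = Counter()
    sources = {}
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C directive lines
        fields = line.split()
        if len(fields) != 7:
            continue  # malformed or differently configured log line
        date, _time, ip, _method, stem, query, _status = fields
        label = classify(stem, query)
        if label:
            per_day[(date, label)] += 1
            sources.setdefault(label, set()).add(ip)
    return per_day, sources
```
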
Old 07 August 2001, 10:27 PM
  #11  
boomer
Scooby Senior
 
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763

SL2,

thanks for the GRC pointer (I should have thought of that in the first place )

It looks very worrying, because "part time" system managers won't know how to put all the bits back, once it's broken.

Why-oh-why do Microsoft write such (unnecessarily) complex code (with not enough error traps)

mb
All times are GMT +1.