Code Red affecting IIS and Proxy

[David Lamb <david.lamb () hcn org uk>]

Hi

It would seem that there is a possible problem with the Code Red virus
affecting IIS server and MS Proxy, even if you have applied the
buffer-overflow patch.  We have experienced problems with our Proxy server
stopping.  The sequence of events is as follows.

An infected machine on the internet tries to access the one of two IIS
servers here.
It fails because we are patched.
The Default website, Admin website and FTP site all stop.
The proxy server stops proxy traffic, though the service shows as running.
Using Internet Service Manager to restart the three stopped sites and the
Proxy traffic starts again.

One of our servers is running IIS and Proxy, the other just IIS.  They are
on the same class C.  A colleague at another company reports the same
symptoms.  We have another 2 IIS servers, on a separate network running IIS
4 and NT4 SP5 and SP6a.  Both are fine, and there is no Proxy server on that
network.


David Lamb
Systems Manager
HCN
Omega Park  Alton
Hampshire  GU34 2QE
Direct Tel: +44 (0) 1420 567209
Tel: +44 (0) 1420 86848
Fax: +44 (0) 1420 89889
E-mail: mailto:david.lamb () hcn org uk
Web: www.hcn.org.uk

'The Leader in Health Internet & Clinical Software'