Bugtraq mailing list archives
Code Red affecting IIS and Proxy
From: David Lamb <david.lamb () hcn org uk>
Date: Mon, 6 Aug 2001 12:51:52 +0100
Hi It would seem that there is a possible problem with the Code Red virus affecting IIS server and MS Proxy, even if you have applied the buffer-overflow patch. We have experienced problems with our Proxy server stopping. The sequence of events is as follows. An infected machine on the internet tries to access the one of two IIS servers here. It fails because we are patched. The Default website, Admin website and FTP site all stop. The proxy server stops proxy traffic, though the service shows as running. Using Internet Service Manager to restart the three stopped sites and the Proxy traffic starts again. One of our servers is running IIS and Proxy, the other just IIS. They are on the same class C. A colleague at another company reports the same symptoms. We have another 2 IIS servers, on a separate network running IIS 4 and NT4 SP5 and SP6a. Both are fine, and there is no Proxy server on that network. David Lamb Systems Manager HCN Omega Park Alton Hampshire GU34 2QE Direct Tel: +44 (0) 1420 567209 Tel: +44 (0) 1420 86848 Fax: +44 (0) 1420 89889 E-mail: mailto:david.lamb () hcn org uk Web: www.hcn.org.uk 'The Leader in Health Internet & Clinical Software'
Current thread:
- Code Red affecting IIS and Proxy David Lamb (Aug 06)