RE: CR II - winME? confirmation?

[Gregory_DeGennaro () csaa com]

Oliver,

This is a standard attack pattern from the worm.  Check your system for
either the ida.dll or the idq.dll.  If you do not have either of these dll
files then do not worry about it.   Plus, you need to have Internet service
running on your box.  I have not seen anyone who has been infected by this
worm 
using a Windows 9x or ME machines.  I do not have these services running and
I have
recieved 306 attacks in 22 hours from the worm on my *nix firewall.

Steve Gibson's theory is not as scary as it seems.  *nix has been using raw
sockets for years.  The real issue here, is never place a windows machine
directly on the Internet without maintaining it properly.  I would place
a good hardened firewall in front of any Microsoft machine before connecting
to the Internet.

Greg

PS- What does not make sense in the article

-----Original Message-----
From: Petruzel, Oliver [mailto:OliverP () aegisresearch com]
Sent: Monday, August 06, 2001 8:01 AM
To: VULN-DEV () securityfocus com
Subject: CR II - winME? confirmation?


ok, this makes no sense, and ive only see it one place:

http://www.securitynewsportal.com/article.php?sid=1367

I'm just wondering if this is popping up anywhere else.  If it is, then it
cant be CR2 as we know it, and it opens up a can of worms that is scary.
Similar even, to Steve Gibson's prediction that a consumer based OS with a
big hole would do serious damage.

but again, since IIS is CR, then this was either a big fat anaonymous lie,
or something different.  Anyone seen any discussion on this?

-o.p.