[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-developers] Re: Buffer overrun & GET /default.ida

Subject: [cobalt-developers] Re: Buffer overrun & GET /default.ida
From: Roger Asbury <rlasbury@xxxxxxxx>
Date: Thu Jul 19 07:15:01 2001
List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>

Just a small rant....

I've noticed both here and some other mailing lists/message boards
comments from non-IIS users that attacks/hacks such as this do not
affect us because we are using <insert other OS/Web Server here>.

While fundamentally, that's true, in that the attacker (or automated
script) does not make it into our system, I think it misses a greater
point.  These attacks DO affect our systems, or the systems we are
connected to.  This particular attack, Code Red, and many others do
massive scanning of systems.  This can result in slowed connections, or
denial of services.  To cast a blind eye, or dismiss the problem simply
makes the problem worse.

If you know someone with IIS, or you gather the IP info of the attacking
machines, letting these people know that their systems are compromised
(or compromisable), or actively encouraging the use of other Web/System
software, would seem to be a better policy then simply ignoring or
dismissing these problems.

-- 
----------------------
Roger Asbury
GVEA Web Coordinator
rlasbury@xxxxxxxx
http://www.gvea.com
----------------------

Prev by Date: Re: [cobalt-developers] GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Next by Date: Re: [cobalt-developers] Buffer overrun? [MORE]
Previous by thread: [cobalt-developers] no web log files
Next by thread: [cobalt-developers] Re-Installing Raq4 from hda2

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index