RE: CODE RED!!!!!!!!!

thats what I am gonna do. Thanks a lot!!

-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Monday, August 20, 2001 9:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: CODE RED!!!!!!!!!


http://www.ISAserver.org


I only said that you could be infected. Not necessarily that you were
infected. On all public servers I remove all forms of IDQ.DLL and
.printer,
.shmtl, .stm etc to help minimize what could be something else that
contains a hole.




-----Original Message-----
From: Shayne Lebrun [mailto:slebrun@xxxxxxxxxxx] 
Sent: Monday, August 20, 2001 6:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: CODE RED!!!!!!!!!

http://www.ISAserver.org


200 does NOT mean that you're infected. 200 means simply that the HTTP
request matched a valid ISA web publishing rule, and therefore was
allowed to go through.  Believe it or not, most of these are quite valid
HTTP requests, if a bit on the longish side.

It's up to the webserver itself to throw out invalid requests, and that
means running patches that guard against these things.

Although I have been idly toying with the idea of a 'site and content
rule' that would block any request to default.ida.  Haven't looked into
it, though, to see if it's feasable.

-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: Monday, August 20, 2001 8:53 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: CODE RED!!!!!!!!!


http://www.ISAserver.org


I would say the 200 at the end of your log entry could mean that you
were infected:

200 - OK Message - the requested HTTP page was fulfilled.
If ISA server blocks the item via the default rule then the log entry
would show 12206.


Joseph




-----Original Message-----
From: Sharma, Shobha [mailto:c-ssharma@xxxxxxxxxxx] 
Sent: Monday, August 20, 2001 5:35 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] CODE RED!!!!!!!!!

http://www.ISAserver.org



This message is in MIME format. Since your mail reader does not
understand
this format, some or all of this message may not be legible.


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
slebrun@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
c-ssharma@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: