[windows2000] Nimda
- From: Jim Walls <k6ccc@xxxxxxxxxxxxx>
- To: Windows 2000 List <WINDOWS2000@xxxxxxxxxxxxx>
- Date: Sun, 30 Jun 2002 06:30:10 -0700
Just wanted to let you know that although the media has long since
forgotten about the Nimda virus is alive and well. I did something I
knew was stupid and got caught so keep your defenses up.
Here are the details (for those interested). I have 4 computers at home
all running Win2K in a workgroup. I had never had IIS installed on any
of them and therefore had not bothered putting in the security patches
that are a very well know requirements for doing so. Last Wednesday
night I had a need to turn up an ftp server on one of the computers and
decided to play with IIS. I installed IIS and built an extremely simple
default web page, and put the files that needed to be FTPed in the
appropriate directory. I then re-configured my router to route ports 21
& 80 to that computer. Because it was 0100 and I had to get up for work
at 0500, I put off putting in the security "until the next day". Later
the person who was intended to FTP a bunch of files did so and it worked
nicely and the web page worked fine. It was nice to see it working
correctly. Friday (my day off and when I planned on putting in the
security) I came home to find that both computers that were turned on
and the DSL connection all flashing like mad on the hub - this was not
good! I immediatly guessed (correctly) what had happened and pulled the
cable from the DSL to the router. Did some checking and sure enough
W32.Nimda.A@mm was found on both computers. Used the cleanup tool from
Symantec and it worked just fine.
OK, I'll admit it, I did something stupid. Just a fair warning that we
all need to keep our defenses up on these computers.
-----------------------------
Jim Walls
k6ccc@xxxxxxxxx
(626) 302-8515
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
