More IIS Horror Stories
Thomas Dowling
tdowling at ohiolink.edu
Tue Oct 30 16:15:44 EST 2001
eWeek's current story on IIS vulnerabilities:
<http://www.eweek.com/article/0,3658,s%253D708%2526a%253D17362,00.asp>.
=========
To see for ourselves how long a default installation of IIS would last in
the wild, eWeek Labs connected a fresh install of Windows 2000 Server to
the outside Internet. As an arbitrary deadline, we immediately started
downloading the network install of Windows 2000 Service Pack 2 and
disconnected from the network when it was done.
The 110MB download took 25 minutes. For the first 15 minutes, we didn't
see any HTTP traffic at all; in the last 10 minutes of the download, we
were infected with Nimda twice-once from two different servers and several
times by our own server reinfecting itself.
=========
Install the server, and get infected before you can download the patches.
Cool.
Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu
More information about the Web4lib
mailing list