[WEB4LIB] More IIS Horror Stories

William Barnes wbarnes at husky.bloomu.edu
Wed Oct 31 08:18:23 EST 2001


Funny.

But to be honest, I NEVER connect a machine to the live network until I'm ready for it to be tested.
I always download patches, virus check them, and then burn them to CD-R before I load them on a new server.

There was a comment about RedHat 6.2 and 72 hours.  RedHat 6.2 was less ready for prime time...
However, I just set up a RedHat 7.2 box the other day, and once I disabled all the unneeded services and set my hosts.allow and hosts.deny tcpwrappers, I checked for new security patches, and there weren't any.

So I plugged it into the network and started beating on it with a few tools I use...

Moral of the story is: Never install a server on a live network.  If you want an active network to test with, plug it into a 5 port 10/100 switch and don't uplink that switch to the network.  Once you've got the machine installed, patched, and hardened, then plug it into the live LAN and start testing it.



Thanks!
--Bill
*******************************************
*  Bill Barnes, RHCE, CCNA, CNA, MCP, A+
*  Library Network Administrator
*  Harvey A. Andruss Library
*  Bloomsburg University
*  ph: 570-389-2813
*  e-mail: wbarnes at bloomu.edu
*******************************************


>>> "Thomas Dowling" <tdowling at ohiolink.edu> 10/30/01 04:27PM >>>
eWeek's current story on IIS vulnerabilities:
<http://www.eweek.com/article/0,3658,s%253D708%2526a%253D17362,00.asp>.


=========

To see for ourselves how long a default installation of IIS would last in
the wild, eWeek Labs connected a fresh install of Windows 2000 Server to
the outside Internet. As an arbitrary deadline, we immediately started
downloading the network install of Windows 2000 Service Pack 2 and
disconnected from the network when it was done.

The 110MB download took 25 minutes. For the first 15 minutes, we didn't
see any HTTP traffic at all; in the last 10 minutes of the download, we
were infected with Nimda twice -- once from two different servers and several
times by our own server reinfecting itself.

=========

Install the server, and get infected before you can download the patches.
Cool.


Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu 



