Code Red on dial-in ppp
Mitch Halmu
mitch at netside.net
Sat Jul 21 16:36:49 UTC 2001
On Sat, 21 Jul 2001, Jason A. Mills wrote:
> I'm not sure I see why a POTS PPP link, or some other slow(er) on demand
> link might stop CodeRed. The first-pass payload is under 4096 bytes
> including framing, not exactly something you need a lot of low-latency
> bandwidth to push through. :-/
>
> -J
The problem I described is that the Windows machines in question are not
necessarily dedicated web servers, but can be regular dial-in users.
Normally, such users don't run a web server over dial-up, yet they seem
to be vulnerable if the attack occurs while they're connected. No relation
to the connection bandwidth was implied.
--Mitch
NetSide
More information about the NANOG
mailing list