Code Red on dial-in ppp

up at 3.am up at 3.am
Sat Jul 21 16:44:56 UTC 2001


On Sat, 21 Jul 2001, Mitch Halmu wrote:

> On Sat, 21 Jul 2001, Jason A. Mills wrote:
> 
> > I'm not sure I see why a POTS PPP link, or some other slow(er) on demand
> > link might stop CodeRed. The first-pass payload is under 4096 bytes
> > including framing, not exactly something you need a lot of low-latency
> > bandwidth to push through. :-/
> 
> The problem I described is that the Windows machines in question are not 
> necessarily dedicated web servers, but can be regular dial-in users. 
> Normally, such users don't run a web server over dial-up, yet they seem
> to be vulnerable if the attack occurs while they're connected. No relation 
> to the connection bandwidth was implied.

Have you port scanned said users?  You might be surprised how many dialup
users are running httpd.  And smtpd.  And pop3d.  And named.  And,
of course, an IRC bot...all usually on their windoze machines, because,
like, they're really advanced users, see?

Hint:  These are often the same users you have to nag about continuous
connections.

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up at 3.am							    http://3.am
=========================================================================



