[Dshield] Re: Dshield digest, Vol 1 #193 - 14 msgs

Brian P. Donohue zbd at u.washington.edu
Thu Aug 9 19:24:32 GMT 2001


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's only the Server versions of W2K that install some IIS components
by default.  During installation, there's a "Component Wizard" where
one chooses the components to be installed.

I blame Microsoft for bad judgement in making this a default.  They
really should think about an installation interface that asks what
kind of server you're installing, a la Red Hat 7.1.  

That said, Microsoft's lousy design choices are not an excuse for an
installer not paying attention to what he's doing during a server OS
installation.

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of Paul M. Puccinelli
Sent: Thursday, August 09, 2001 10:23 AM
To: dshield at dshield.org
Subject: RE: [Dshield] Re: Dshield digest, Vol 1 #193 - 14 msgs


I believe you have to manually choose it on W2K Professional.  I
checked a few machines here - Dells with factory installs - and none
had IIS running.

-----Original Message-----
From: Josh [mailto:Josh at raintreeinc.com] 
Sent: Thursday, August 09, 2001 8:49 AM
To: dshield at dshield.org
Subject: [Dshield] Re: Dshield digest, Vol 1 #193 - 14 msgs


Date: Wed, 08 Aug 2001 16:28:03 -0500
To: dshield at dshield.org
From: "Jonathan G. Lampe" <jonathan at stdnet.com>
Subject: Re: [Dshield] Short story/Code Red question
Reply-To: dshield at dshield.org


>Now the question. I called the user to advise he was infected. He
>had a vanilla W2k machine and didn't bother to patch it since he
>didn't think IIS was on. I've read it's on by default. But, not the
>whole IIS package, I can't believe that.... Haven't tried it
>myself.... What's the real answer?

None of my installations of W2k Pro had IIS installed unless I
specifically installed it after the original installation of the OS,
but it's been a while since I did an install, and I have the
time-consuming but beneficial habit of doing custom installations of
everything I install whenever I get the chance -- perhaps I just don't
like labelling myself as either Typical or Recommended for Most Users
:-) -- so I might have just turned it off. Anyway, if memory serves,
IIS does not install by default with w2k pro.

Josh Tolley

>On m$ w2k SERVER or ADVANCEDSERVER IIS is indeed installed by
>default.  (You need to UNCHECK a box during the install to not
>install IIS.)  The good news is that IIS does not seem to install by
>default on w2k WORKSTATION, er.. PROFESSIONAL.  (Anyone know about m$
>Personal Web Server or whatever the limited variant of IIS is?)
>
>When you install IIS you generally get an admin and a sample area by
>default, but these are (I think) restricted to 127.0.0.1 access out
>of the box.  (Finally?!)  Unfortunately however the wwwroot area is
>public and available to the whole world, and if you can get to
>that...well you know the rest.
>
>BTW, ALL shipping extensions (including .ida and .idq) are turned on
>by default - that's the other half of the reason that Code Red is as
>successful as it is.  If you look back on the posts, you'll even see
>a cautionary tale from a reader who decided to plug his IIS box into
>the network before config'ing.  (Less than five minutes after
>plugging in his brand new machine was attacking other boxes.)
>
>- Jonathan Lampe - Standard Networks, Inc. - 608.227.6100 -
>jonathan at stdnet.com -

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO3Lja0Zz540guc7SEQKJCQCfbuQYc32yRp9cuB2jC/QVBhgHAwwAoIoL
yx3KJT2F9lwV6iO8d4NSqhdQ
=qYIE
-----END PGP SIGNATURE-----



