[unisog] Re: Code Red(s) being confused with sadmind/IIS worm?

John K. Lerchey lerchey at andrew.cmu.edu
Fri Aug 10 17:34:12 GMT 2001

There is also the entire issue of things like laptops running Win2K in a
wireless environment.  The students turn on "personal web server" (IIS)
unpatched, and bounce on and off the network frequently.  When they're on,
they're causing problems... then they go away before we can track them


John K. Lerchey
Computer and Network Security Coordinator
Computing Services
Carnegie Mellon University

On Fri, 10 Aug 2001, Paul L Schmehl wrote:

> --On Friday, August 10, 2001 11:01 AM -0400 Anne Bennett
> <anne at alcor.concordia.ca> wrote:
> > a likely sadmind (how does one pronounce that,
> > anyway?) infection at that time.
> >
> I pronounce it s-admin-d, but I suppose you could pronounce it sad mind. :-)
> >  (I can't *believe* the volatility of the IIS servers in
> > my domain -- this week they've been appearing and disappearing at the
> > rate of two per day.)
> >
> You experience isn't unique.  We have never had two identical scan results.
> I think it has to do with machines being turned off and on at various times
> (unlike servers, these workstations aren't critical - at least their
> "owners" don't think of them that way), and machines being installed
> without any awareness of what's running on them.
> Paul L. Schmehl, pauls at utdallas.edu
> http://www.utdallas.edu/~pauls/
> Supervisor, Support Services
> The University of Texas at Dallas
> AVIEN Founding Member

More information about the unisog mailing list