[unisog] mysterious IIS failures

Russell Fulton r.fulton at auckland.ac.nz
Thu Jan 15 20:43:15 GMT 2004


On Fri, 2004-01-16 at 07:36, Jim Duncan wrote:

> Hi, Russ.  I suggest the machines be re-installed and the patches 
> applied _before_ they are reconnected to the network.

Our standard practise is to do initial install then apply a few critical
patches (dcom, rpc etc) usually from a USB device and then put the
machine on the local network (no access to outside world) and get the
full patch set from the local SUS server.  At this point we enable
external access if needed. This is much like your colleague's method. 

What is interesting about these machines is that they were fully patched
and behaving normally until work was done on IIS then they starting
behaving as if they had been infected with blaster (although none of the
tell tale files could be found).

-- 
Russell Fulton                                    /~\  The ASCII
Network Security Officer                          \ /  Ribbon Campaign
The University of Auckland                         X   Against HTML
New Zealand                                       / \  Email!




More information about the unisog mailing list