Received: from darkside. (darkside. [210.8.201.180]) by 
 mail. (Weasel v1.20) for <deadmail>; 
 09 Aug 2001 01:00:00 
From: "Digest" <ianatos2site dot com>
To: "OS/2GenAu Digest" <deadmail>
Date: Thu, 09 Aug 2001 01:00:00 +1000 (EDT)
Priority: Normal
X-Mailer: CASMailer 1.0 for OS/2 Warp PPC 1.05
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: [os2genau_digest] No. 143
Message-ID: <200108090100.000029G6atmail.>
Reply-To: <deadmail>

Date:- 09 August 2001

Please reply to ianatos2site dot com to post to the list.
A small problem with the list Digest Mode software replacing email address.
1================================================

From: "Ian Manners" <ianatos2site dot com>
Date: Wed, 08 Aug 2001 14:36:18 +1000 (EST)
Subject: [os2genau] Internet access problems

Hi John, and others.

At present there are routing problems to Europe, combined
with what I suspect is select ISPs refusing connections from
IP blocks due to the increase of CodeRed II hits.

CodeRed Mark I was very much a non-event, but
CodeRed Mark II, by its very intelligent code, is having
a greater effect on the Internet as a whole.

The Register in England has been having a Load Router
problem for those who have had problems getting that
site, and I have 7 sites that I cannot get to at present, 3 of
these I know are AIX based sites.
The 210.x.x.x and 203.x.x.x ranges are generating a
lot of traffic re CodeRed, so I can only assume that
these Nets, or subnets of these ranges, have been
added to "Denied" IPs for the time being.

os2 dot org dot au, as are all the domains I host, are in the
210.8.201 range of IP addresses.

CodeRed is also taking out some people's routers
due to these routers having an HTTP interface,
and CodeRed is overloading the routers themselves.

I have had no problems here, as I'm pure OS/2, and
AIX, with all external access to my routers turned off :)

For those of you running Windows NT or 2000, note that
"apparently" when you install these, they enable IIS by
default, YOU NEED to either apply the patch, or uninstall
your IIS server if you are not using it.
                  
http://www.microsoft dot com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp

CodeRed II will crash WindowsNT but on Windows2000, it
merrily goes about infecting as many IIS servers as it
can find.

I am getting about 65% of my CodeRed hits from home
dialup lines so there must be a lot of Windows 2000 being
used at home.

http://www.drudgereport dot com/flash7.htm
http://www.eeye dot com/html/Research/Advisories/AL20010804.html
http://www.newsfactor dot com/perl/story/12546.html

and
http://www.securityfocus dot com/
if they can fix their server ;-)


Cheers
Ian B Manners
http://www.os2site dot com/

*?            <- Grandpa Tribble with his cane

2==============================================

Date: Wed, 08 Aug 2001 17:43:23 +0930
From: Gregory Hicks <ghicksatihug dot com dot au>
Subject: [os2genau] OS/2 ORG AU

Hi All...

up at last...

will be changing some links... sa members who have a web page tell me so i can set up the
members link :)

cheers
-
Gregory P. Hicks
CQU Q48036388

ICQ: 69165422

3==============================================

From: "Daryl Pilkington" <u3232athome.dialix dot com>
Date: Wed, 08 Aug 2001 18:45:27 +1000 (EST)
Subject: Re: [os2genau] Latest Netscape 4.61 odd behaviour?

Hi John,
Thanks for the info.
As I mentioned, it sounds like a TCP timeout value has changed
somewhere.
Perhaps the default value in the NS refresh is different from previous
versions.

Add the following to prefs.js
user_pref("network.tcptimeout", 60);

You must do this with NS not running!

Once you have done the above & if you are still having difficulties,
try disabling your NS proxies, I've seen weird things happen with
proxies.
If disabling proxies works, we can look further into tuning NS.
Regards, 

Daryl  Pilkington 

//// The PC-Therapist, Business Computing Integration
O<O  AUSTRALIA
\_/
<O>  OS/2 Warp, Redhat Linux, DB2
     IBM Certified Systems Expert

        email: darylpatpc-therapist dot com dot au
          ICQ: 91914134
          Tel: +61-2-8902-1300
          Mob: +61-425-251-300
          Fax: +61-2-9411-3720
      Mob SMS: 0425251300.0000atorangenet dot com dot au (160 characters max)

4==============================================

Date: Wed, 08 Aug 2001 18:50:32 +1000
From: Ed Durrant <edurrantatbigpond dot net dot au>
Subject: Re: [os2genau] Internet access problems

Idiot's guide to CodeRed -

 Targets Microsoft IIS 4 and 5 servers who have the indexing function (and hence
API) configured. Microsoft IIS is the Microsoft "answer" to Apache web server
and others.

 As Ian mentions, by default (for the "personal web server") Windows 2000 installs
this code.

 I believe the virus was originally designed as a "Denial of Service" virus - overloading
the Web Server's network card with rubbish broadcasts, however, in the process even
"intelligent" Network switches are hit as they take switch processor resource to try to
handle or block these broadcasts. This slows down the switch, which causes timeouts and
retries by IP based applications, which in turn adds to the load and hence you have a spiralling
problem !

Solution is a patch to stop infection, but if infected the BEST solution is a total format
and re-install of the system.

Let's hope no-one comes up with an Apache version of this virus ! (over 80% of Web servers
are Apache).

Cheers/2
Ed.
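
[Added example, not part of any list member's post: a small log tally of the kind of CodeRed "hits" Ian counts and the IIS indexing requests Ed describes, grouped by worm variant and by the first octet of the source address (the 210.x / 203.x view). It assumes Common Log Format and that the probes appear as requests for /default.ida padded with a long run of N (CodeRed) or X (CodeRed II); the 64-character threshold, function names and all log lines are constructed for illustration.]

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD path proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+$')
# Request for the Indexing Service extension followed by a long run of one
# padding character. The 64-character threshold is an assumption of this example.
PROBE = re.compile(r"^/default\.ida\?(N{64,}|X{64,})", re.IGNORECASE)
VARIANT = {"N": "CodeRed", "X": "CodeRed II"}

def classify(path):
    """Return the worm variant a request path matches, or None."""
    m = PROBE.match(path)
    return VARIANT[m.group(1)[0].upper()] if m else None

def summarize(log_text):
    """Tally probe hits by variant and by first octet of the source address."""
    out = {"by_variant": Counter(), "by_octet": Counter(), "other": 0, "malformed": 0}
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            out["malformed"] += 1      # keep a count instead of silently skipping
            continue
        host, _method, path = m.groups()
        variant = classify(path)
        if variant is None:
            out["other"] += 1          # includes ordinary, short .ida queries
            continue
        out["by_variant"][variant] += 1
        out["by_octet"][host.split(".")[0]] += 1
    return out

def _hit(host, pad):
    # Constructed log line; padding length and trailing bytes are illustrative.
    return (f'{host} - - [08/Aug/2001:14:00:00 +1000] '
            f'"GET /default.ida?{pad * 224}%u9090 HTTP/1.0" 404 205')

# Constructed sample input (addresses are made up, not taken from the digest).
SAMPLE_LOG = "\n".join([
    _hit("210.8.10.5", "X"),
    _hit("203.14.2.9", "X"),
    _hit("210.9.77.1", "N"),
    '192.0.2.44 - - [08/Aug/2001:14:00:01 +1000] "GET /index.html HTTP/1.0" 200 1043',
    '203.55.1.20 - - [08/Aug/2001:14:00:02 +1000] "GET /default.ida?query=os2 HTTP/1.0" 404 205',
    "-- truncated line --",
    _hit("210.8.99.3", "X"),
])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```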
