Received: from darkside. (darkside. [210.8.201.180]) by mail. (Weasel v1.20) for ; 09 Aug 2001 01:00:00 From: "Digest" To: "OS/2GenAu Digest" Date: Thu, 09 Aug 2001 01:00:00 +1000 (EDT) Priority: Normal X-Mailer: CASMailer 1.0 for OS/2 Warp PPC 1.05 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: [os2genau_digest] No. 143 Message-ID: <200108090100.000029G6atmail.> Reply-To: Date:- 09 August 2001 Please reply to ianatos2site dot com to post to the list. A small problem with the list Digest Mode software replacing email address. 1================================================ From: "Ian Manners" Date: Wed, 08 Aug 2001 14:36:18 +1000 (EST) Subject: [os2genau] Internet access problems Hi John, and others. At present there are routing problems to Europe, combined with what I suspect is select ISP's refusing connections from IP blocks due to the increase of CodeRed II hits. CodeRed Mark I was very much a non event but CodeRed Mark II by its very intelligent code, is having a greater effect on the Internet as a whole. The Register in England has been having a Load Router problem for those who have had problems getting that site, and I have 7 sites that I cannot get to at present, 3 of these I know are AIX based sites. The 210.x.x.x and 203.x.x.x ranges are generating a lot of traffic re CodeRed, so I can only assume that these Nets, or subnets of these ranges have been added to "Denied" IP's for the time being. os2 dot org dot au, as are all the domains I host, are in the 210.8.201 range of IP address's. CodeRed is also taking out some peoples Routers due to these routers having a HTTP interface, and CodeRed is overloading the Routers themselves. I have had no problems here, as I'm pure OS/2, and AIX, with all external access to my routers turned off :) For those of you running Windows NT or 2000, note that "apparently" when you install these, they enable IIS by default, YOU NEED to either apply the patch, or uninstall your IIS server if you are not using it. http://www.microsoft dot com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-03 3.asp CodeRed II will crash WindowsNT but on Windows2000, it merrily goes about infecting as many IIS servers as it can find. I am getting about 65% of my CodeRed hits from home dialup lines so there must be a lot of Windows 2000 being used at home. http://www.drudgereport dot com/flash7.htm http://www.eeye dot com/html/Research/Advisories/AL20010804.html http://www.newsfactor dot com/perl/story/12546.html and http://www.securityfocus dot com/ if they can fix there server ;-) Cheers Ian B Manners http://www.os2site dot com/ *? <- Grandpa Tribble with his cane 2============================================== Date: Wed, 08 Aug 2001 17:43:23 +0930 From: Gregory Hicks Subject: [os2genau] OS/2 ORG AU Hi All... up at last... will be changing some links... sa members who have a web page tell me so i can set up the members link :) cheers - Gregory P. Hicks CQU Q48036388 ICQ: 69165422 3============================================== From: "Daryl Pilkington" Date: Wed, 08 Aug 2001 18:45:27 +1000 (EST) Subject: Re: [os2genau] Latest Netscape 4.61 odd behaviour? Hi John, Thanks for the info. As I mentioned, it sounds like a TCP timeout value has changed somewhere. Perhaps the default value in the NS refresh is different from previous versions. Add the following to prefs.js user_pref("network.tcptimeout", 60); You must do this with NS not running! Once you have done the above & if you are still having difficulties, try disabling your NS proxies, I've seen weird things happen with proxies. If disabling proxies works, we can look further into tuning NS. Regards, Daryl Pilkington //// The PC-Therapist, Business Computing Integration O OS/2 Warp, Redhat Linux, DB2 IBM Certified Systems Expert email: darylpatpc-therapist dot com dot au ICQ: 91914134 Tel: +61-2-8902-1300 Mob: +61-425-251-300 Fax: +61-2-9411-3720 Mob SMS: 0425251300.0000atorangenet dot com dot au (160 characters max) 4============================================== Date: Wed, 08 Aug 2001 18:50:32 +1000 From: Ed Durrant Subject: Re: [os2genau] Internet access problems Idiots guide to CodeRed - Targets Microsoft IIS 4 and 5 servers who have the indexing function (and hence API) configured. Microsoft IIS is the Microsoft "answer" to Apache web server and others. As Ian mentions, by default (for the "personal web server") Windows 2000 installs this code. I believe the virus was originally designed as a "Denial of Service" virus - overloading the Web Servers network card with rubbish broadcasts, however, in the process even "intelligent" Network switches are hit as they take switch processor resource to try to handle or block these broadcasts. This slows dwn the switch, which causes timeouts and retrys by IP based applications, which in turn adds o the load and hence you have a spiralling problem ! Solution is a patch to stop infection, but if infected the BEST solution is a total format and re-install of the system. Lets hope no-one comes up with an Apache version of this virus ! (over 80% of Web servers are Apache). Cheers/2 Ed.