Brian wrote:

> You're OK.  As long as you don't have IIS running on an NT machine
> accessible to the world all is fine and dandy.  Since this worm is using
> exploits only found in IIS any subsequent variants (oh, you bet there will
> be more) it will never affect Apache.

This is what I have always been told.  But I am puzzled about something:

Steve Siegfried wrote:

> Of the CodeRedII hits that nslookup doesn't fail on, nslookup showed they came
> from:
>         48%     .home.com
>         18%     .rr.com
>          7%     .mediaone.net
>          4%     .shawcable.net
>          4%     .dyn.optonline.net

Does this mean all of these cable users are running NT (or 2000) with IIS?  I would 
expect them to be mostly MS Windows of some sort, but more of the 9x/ME variant and 
hence not directly part of this.  And why would they be running IIS?

Glenn McDavid
mailto:gmcdavid at winternet.com
http://www.winternet.com/~gmcdavid